Re: Dep and aslr and /gs and so on

[Ralf-Philipp Weinmann <crypto.rpw () gmail com>]

Hi Dave,

you're right there. If you tell people in our community something's
impossible to break, it definitely will be broken. Lars Knudsen's quote
about cryptology can be weakened and transferred to information security in
general: "If something is provably secure, it's probably not."

Nonetheless, what I really don't like about this inflation is that it'll
prevent new kids from entering the game as easily as we did. My fear is that
in a couple of years it's gonna be just us olpharts (excuse the pun) who
have the nice exploits.

Cheers,
.:ralf:.

On Mar 26, 2009 7:36 PM, "Dave Aitel" <dave.aitel () gmail com> wrote:

So over and over for several years now you can hear people in the offensive
information security talk in despair about the new Microsoft protection
measures. But here's the thing as I see it - if you tell yourself its
impossible, then it definitely will be.  As Joe Bennet from "Lipstick
Jungle" would say: "Plan for success!".

All of the new security technologies coming out total a one or two order of
magnitude increase in an attacker's costs. That's not impossible, that's
just inflation. So deal.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave