Full Disclosure mailing list archives

Attacks based on predictable process IDs??

From: Brett Hutley <brett () hutley net>
Date: Wed, 26 Nov 2003 11:32:01 +1100

Folks, does anyone know why predictable process IDs are considered harmful?

I can see that there could be the possibility of a compromise if your
cryptographic PRNGs are seeded using a process ID.

Does anyone know of any other types of attacks?

Cheers, Brett
--
Brett Hutley [MAppFin,CISSP,SANS GCIH]
mailto:brett () hutley net
http://hutley.net/brett



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Attacks based on predictable process IDs?? Brett Hutley (Nov 25)
- Re: Attacks based on predictable process IDs?? Christopher Allene (Nov 25)
  - Re: Attacks based on predictable process IDs?? Brett Hutley (Nov 25)
- Re: Attacks based on predictable process IDs?? Jirka Kosina (Nov 26)
  - Re: Attacks based on predictable process IDs?? Wojciech Purczynski (Nov 27)
    - Re: Attacks based on predictable process IDs?? Dirk Mueller (Nov 27)
    - Re: Attacks based on predictable process IDs?? Thomas Preissler (Nov 27)
    - Re: Attacks based on predictable process IDs?? Wojciech Purczynski (Nov 28)
    - Re: Attacks based on predictable process IDs?? Luis Bruno (Nov 28)
- Re: Attacks based on predictable process IDs?? Ron DuFresne (Nov 26)
- Re: Attacks based on predictable process IDs?? Brett Hutley (Nov 27)