Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DLL hijacking with Autorun on a USB drive

From: Valdis.Kletnieks () vt edu
Date: Thu, 02 Sep 2010 16:05:06 -0400
On Thu, 02 Sep 2010 20:47:03 +0200, Pavel Kankovsky said:

On Tue, 31 Aug 2010 Valdis.Kletnieks () vt edu wrote:


Only if your OS's security model understands the fact that executable
code and data belong in different security domains and thus different
rules should apply about what files to "trust" in each category.


If your OS's security model "understands" programs and data belong in
different security domains then every instruction of code on your computer
is trusted to enforce that policy. Your line of defence goes through every
program and any bug can breach it. The failure is inevitable. [1]

[1] P. A. Loscocco, S. D. Smalley, P. A. Muckelbauer, R. C. Taylor,
S. J. Turner and J. F. Farrell, "The Inevitability of Failure: The Flawed
Assumption of Security in Modern Computing Environments", In Proceedings
of the 21st National Information Systems Security Conference, 1998,
pp. 303--314 
<http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.117.5890>


Yeah, but hacking a Harvard architecture is still balls harder than hacking
a von Neumann architecture. ;)

Attachment: _bin
Description: 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: