funsec mailing list archives

Re: Texas Bank Dumps Antivirus for Whitelisting


From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Thu, 17 Jul 2008 14:47:06 -0800

Date sent:              Thu, 17 Jul 2008 14:57:07 -0400
From:                   Larry Seltzer <larry () larryseltzer com>

SQL isn't actually executable code, it's
just data that program code uses in order to decide what to execute.

Pretty good definition of a compiler, isn't it?

A program in a Harvard architecture is capable of going "if x==1 then
do_this() else if x==2 then do_that(); etc(),etc(),etc()" - can't it?

Yup, but you'd have to do it in the program store.

Things like buffer overflows would be impossible with a Harvard
architecture, but I don't see why SQL injection or Trojan horse programs
or many other malicious items would be any less likely.

SQL injection would be prevented because you couldn't have any data submitted to 
the program store.  Trojans are still possible, but you have to convince the owner 
to manually enter your program into the program store, you can't just send it via 
email or driveby download.

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
The World Youth Congress was the greatest thing that ever
happened [to Ghana], so I was surprised to learn [later] that it
was a CIA front.  I may be the only person you will ever meet who
is indebted to the CIA.                              - Stephen Lewis
http://victoria.tc.ca/techrev/rms.htm
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
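
An added illustration (not part of the original message or thread) of the code-versus-data question discussed above, using Python's sqlite3: the host function's compiled code is identical across calls, yet concatenated input changes what the SQL interpreter executes, while a bound parameter stays a value. The table, rows, function names and the bytecode hash used as a stand-in for "the program store" are all constructed assumptions for this example.

```python
import hashlib
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 100), ("bob", 250), ("carol", 75)])
    return db

def lookup_concat(db, owner):
    # Input is spliced into the SQL text, so the SQL interpreter parses it
    # as part of the statement's structure.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, owner):
    # Statement text is constant; the input is bound as a value after parsing.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

def code_digest(func):
    """Hash of a function's compiled bytecode and constants (assumed
    stand-in for the contents of a separate program store)."""
    code = func.__code__
    return hashlib.sha256(code.co_code + repr(code.co_consts).encode()).hexdigest()

def demo():
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input, textbook form
    before = code_digest(lookup_concat)
    results = {
        "concat_normal": lookup_concat(db, "alice"),
        "concat_crafted": lookup_concat(db, crafted),
        "bound_normal": lookup_bound(db, "alice"),
        "bound_crafted": lookup_bound(db, crafted),
    }
    # The host program's code did not change between the calls above.
    results["host_code_unchanged"] = before == code_digest(lookup_concat)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```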