funsec mailing list archives
Re: Texas Bank Dumps Antivirus for Whitelisting
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 17 Jul 2008 18:11:33 -0400
I'm still not getting this. With interpretative languages, what is being executable is data, not binary code. In general, interpreters don't generate binary code to be executed. BTW, the Wikipedia article on Harvard Architecture never mentions anything about security. Richard -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon & Hannah Sent: Thursday, July 17, 2008 6:47 PM To: funsec () linuxbox org Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting Date sent: Thu, 17 Jul 2008 14:57:07 -0400 From: Larry Seltzer <larry () larryseltzer com>
SQL isn't actually executable code, it's just data that program code uses in order to decide what to execute.
Pretty good definition of a compiler, isn't it?
A program in a Harvard architecture is capable of going "if x==1 then do_this() else if x==2 then do_that(); etc(),etc(),etc()" - can't it?
Yup, but you'd have to do it in the program store.
Things like buffer overflows would be impossible with a Harvard architecture, but I don't see why SQL injection or Trojan horse programs or many other malicious items would be any less likely.
SQL injection would be prevented because you couldn't have any data submitted to the program store. Trojans are still possible, but you have to convince the owner to manually enter your program into the program store, you can't just send it via email or driveby download. ====================== (quote inserted randomly by Pegasus Mailer) rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org The World Youth Congress was the greatest thing that ever happened [to Ghana], so I was surprised to learn [later] that it was a CIA front. I may be the only person you will ever meet who is indebted to the CIA. - Stephen Lewis http://victoria.tc.ca/techrev/rms.htm _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Texas Bank Dumps Antivirus for Whitelisting, (continued)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Jeff Kell (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Valdis . Kletnieks (Jul 18)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 18)
- Re: Texas Bank Dumps Antivirus for Whitelisting Blue Boar (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Blue Boar (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Larry Seltzer (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Larry Seltzer (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Larry Seltzer (Jul 17)