funsec mailing list archives
Re: Texas Bank Dumps Antivirus for Whitelisting
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 17 Jul 2008 20:00:37 -0400
Since HA machines don't really exist in nature, it's kind of hard to say what they can and cannot do. ;-) The answer to your JIT question would depend on how our mythical HA CPU allows the memory dedicated to instruction store to be loaded up.

Richard

-----Original Message-----
From: Larry Seltzer [mailto:larry () larryseltzer com]
Sent: Thursday, July 17, 2008 7:47 PM
To: Richard M. Smith; Drsolly
Cc: funsec () linuxbox org; rMslade () shaw ca
Subject: RE: [funsec] Texas Bank Dumps Antivirus for Whitelisting

And since you bring up Java, I guess JITs are not possible on HA.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com

-----Original Message-----
From: Richard M. Smith [mailto:rms () computerbytesman com]
Sent: Thursday, July 17, 2008 6:40 PM
To: 'Drsolly'; Larry Seltzer
Cc: funsec () linuxbox org; rMslade () shaw ca
Subject: RE: [funsec] Texas Bank Dumps Antivirus for Whitelisting

Code bytes only get security measures supported by the hardware. Data bytes can be subjected to additional security checks. For example, a JVM can implement a security model of its choosing for P-code. (From the viewpoint of the real CPU, P-Code is not instructions but just data bytes that get processed like any other data.)

Richard

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Drsolly
Sent: Thursday, July 17, 2008 6:21 PM
To: Larry Seltzer
Cc: funsec () linuxbox org; rMslade () shaw ca
Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting

On Thu, 17 Jul 2008, Larry Seltzer wrote:

> > Harvard architecture, unlike von Neumann architecture, had a strict
> > separation of program and data store and representation. It would have
> > been impossible for a program to modify its own or other executable
> > material. Data was not executable, so SQL injection and XSS would have
> > been impossible. (So would a lot of other things, but ...)
>
> I'm not a real computer scientist, I just play one online, but this isn't
> how I thought it worked. SQL isn't actually executable code, it's just data
> that program code uses in order to decide what to execute. A program in a
> Harvard architecture is capable of going "if x==1 then do_this() else if
> x==2 then do_that(); etc(),etc(),etc()" - can't it? Things like buffer
> overflows would be impossible with a Harvard architecture, but I don't see
> why SQL injection or Trojan horse programs or many other malicious items
> would be any less likely.

What's the difference between bytes that are executable, and bytes that are used by the computer to decide what to do?

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
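An added illustration, not written by any participant in this thread: a toy model of the distinction discussed above. The read-only handler table stands in for the HA instruction store, the P-code lives in an ordinary writable data store, and the optional policy is the interpreter's own security model. The opcodes, names and sample programs are all constructed for the example.

```python
from types import MappingProxyType

PUSH, ADD, PRINT, WIPE, HALT = range(5)   # constructed P-code opcodes

def _push(vm, arg): vm["stack"].append(arg)
def _add(vm, arg): vm["stack"].append(vm["stack"].pop() + vm["stack"].pop())
def _print(vm, arg): vm["out"].append(vm["stack"][-1])
def _wipe(vm, arg): vm["out"].append("WIPE")  # stand-in for an unwanted action

# "Instruction store": read-only once loaded, as on the hypothetical HA CPU.
INSTRUCTION_STORE = MappingProxyType(
    {PUSH: _push, ADD: _add, PRINT: _print, WIPE: _wipe})

def code_store_is_writable():
    """Try to overwrite a handler; the read-only mapping refuses."""
    try:
        INSTRUCTION_STORE[PRINT] = _wipe
    except TypeError:
        return False
    return True

def run(data_store, allowed=None):
    """Interpret (opcode, operand) byte pairs held in the data store.
    `allowed` is an optional software policy enforced by the interpreter."""
    vm, pc = {"stack": [], "out": []}, 0
    while pc + 1 < len(data_store):
        op, arg = data_store[pc], data_store[pc + 1]
        if op == HALT:
            break
        if allowed is not None and op not in allowed:
            raise PermissionError(f"opcode {op} rejected by interpreter policy")
        INSTRUCTION_STORE[op](vm, arg)
        pc += 2
    return vm["out"]

# Constructed sample programs living in the (writable) data store.
BENIGN = bytearray([PUSH, 2, PUSH, 3, ADD, 0, PRINT, 0, HALT, 0])
TAMPERED = bytearray(BENIGN)
TAMPERED[6] = WIPE            # one data byte changed, code store untouched
POLICY = {PUSH, ADD, PRINT}   # what this interpreter chooses to permit

if __name__ == "__main__":
    print("code store writable:", code_store_is_writable())
    print("benign:", run(BENIGN))
    print("tampered, no policy:", run(TAMPERED))
    try:
        run(TAMPERED, POLICY)
    except PermissionError as exc:
        print("tampered, with policy:", exc)
```

The code store never changes, yet the tampered data changes what the machine does; only the check the interpreter applies to its data bytes stops it.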