Subject: Re: Computers' Insecure Security - Business Week, 17Jun05 - msg#00095
List: security.dailydave
It seems to me that the reporter is confusing vulnerabilities with actual
security incidents. As HD pointed out, there are a heck of a lot more than three
vulns across the ISS product line.
I am pretty sure that ISS has been owned at least three times that I can think
of.
_______________________________________________
Dailydave mailing list
Dailydave@xxxxxxxxxxxxxxxxxxxxx
https://lists.immunitysec.com/mailman/listinfo/dailydave
Previous Message by Date:
Re: fragging with rootkit detectors?
<top_post>
Morning all,
(yeah ok so not morning everywhere but I can live with being
wrong for 12 hours out of 24, that's pretty normal).
I hasten to add that this is a general rambling so if you're bored by this
point just close the email, log off (I said log!) and get on with the rest
of your day....
I would be very surprised if CSA or other similar
products (everyone knows I'm vendor neutral in my general sarcasm)
are not detected by a product which is doing its job correctly with a
thought towards rootkit detection, this includes insertion points,
helping show where the int overflows or other such things may be etc..
Did I say that?
Of course maybe there will be a Pd project (wow, the power of linking
threads!!!) which will allow rootkit
detectors to only detect rootkits which are not on a "preference" list?
hmm.. encrypted rootkit channels..
Oh yes, it's been done.
anyway, feel better for that little ramble extract from it what you will,
Time for coffee,
M
</top_post>
On Sun, 19 Jun 2005, Rodney Thayer wrote:
> Do you think these rootkit detectors would have any efficacy in
> detecting policy enforcement packages? Is there something
> out there that can detect the insertion points of oh, say, CSA?
--
VulnDev[.]org
"Paranoia, keeping us clothed and fed since _init();"
Next Message by Date:
Re: Computers' Insecure Security - Business Week, 17Jun05
It's nice to see Yankee Group has discovered something that other
folks have already seen;-)
Whether or not hackers should be treating
security products as more interesting targets is a point of discussion,
but the security product vendors are, after all, by definition, in the
security space so I think it's fair to question the security
of their products and unfair of them to presume they have some sort of
right to be sloppy on the security of their own implementations.
Gage wrote:
Looks like we have a case of the blind leading the blind. (respectively
excluding any dailydave's) the security software products that we recommend
and use are now worse than the out-of-the box OS from MS. The new Yankee
Group Report should be an interesting read for most. It doesn't take much
hacking talent to hold down the F8 key and select safe mode with networking
to turn off 95+% of all security products.
Gage
JUNE 17, 2005
Computers' Insecure Security
Software meant to protect PCs are now attack targets, revealing a rising
number of flaws -- even more than those of Microsoft products
Think you're safe because your computer has the latest antivirus program,
complete with daily updates via the Web? Or maybe you figure the firewall
you have installed will stop malicious software from reaching your machine.
Well, you may not be as secure as you think. Hackers are increasingly
finding flaws in the very programs designed to prevent attacks --
computer-security software.
...
Previous Message by Thread:
Re: Computers' Insecure Security - Business Week, 17Jun05
On Mon, 20 Jun 2005, Rodney Thayer wrote:
:It's nice to see Yankee Group has discovered something that other
:folks have already seen;-)
:
:Whether or not hackers should be treating
:security products as more interesting targets is a point of discussion,
:but the security product vendors are, after all, by definition, in the
:security space so I think it's fair to question the security
:of their products and unfair of them to presume they have some sort of
:right to be sloppy on the security of their own implementations.
I agree with you.
I thought this has been understood for a long time now :-/ Look at the
show that was put on when BlackHat had a nice presentation on FW-1
weaknesses (by T. Lopatic, J. McDonald, & D. Song) back in 2000; this is
just one (high profile) example of many.
Oh well :-) Guess some people need that wake up call.
:
:Gage wrote:
:> Looks like we have a case of the blind leading the blind. (respectively
:> excluding any dailydave's) the security software products that we recommend
:> and use are now worse than the out-of-the box OS from MS. The new Yankee
:> Group Report should be an interesting read for most. It doesn't take much
:> hacking talent to hold down the F8 key and select safe mode with networking
:> to turn off 95+% of all security products.
:>
:> Gage
:>
:>
:> JUNE 17, 2005
:>
:> Computers' Insecure Security
:>
:>
:> Software meant to protect PCs are now attack targets, revealing a rising
:> number of flaws -- even more than those of Microsoft products
:>
:>
:> Think you're safe because your computer has the latest antivirus program,
:> complete with daily updates via the Web? Or maybe you figure the firewall
:> you have installed will stop malicious software from reaching your machine.
:>
:>
:> Well, you may not be as secure as you think. Hackers are increasingly
:> finding flaws in the very programs designed to prevent attacks --
:> computer-security software.
:
:...
--
Andrew R. Reiter
arr@xxxxxxxxxx
Next Message by Thread:
Re: Computers' Insecure Security - Business Week, 17Jun05
/shameless plug
My talk at blackhat amsterdam that was delivered by Chris Farrow (I couldn't
make it - don't ask) was on abusing patch and systems management vendors and my
defcon talk expands on that to abusing security software in general.
/end plug
I think the topic is still very relevant for discussion.