News Items that Interested me this Week
Each week (ok, mostly every week!) I'll post news items that interested me...
Security analysis of Checkpoint firewall
Of interest is the way around RedHat's ExecShield buffer overflow defense.
https://www.pentest.es/checkpoint_hack.pdf
Abusing chroot
This quote caught my attention: "If you have the ability to use chroot() you are root. If you are root you can walk happily out of any chroot by a thousand other means," Alan Cox
https://kerneltrap.org/Linux/Abusing_chroot
Made For Hacking
There is nothing you don't already know in this article, but it does explain to a layman why we see some of the issues we see on the Internet.
https://www.forbes.com/security/2007/10/03/cerf-internet-hacking-tech-security-cx_ag_1003techcerf.html
What if We Had Vuln-Free Software?
Jeff Jones has a very jaded view of life sometimes, but he usually nails security issues, and this one is dead on the money IMO.
https://blogs.technet.com/security/archive/2007/09/29/what-if-we-had-vuln-free-software.aspx
Auditing Open Source Software
I love looking at and learning from security bugs. This blog post is interesting, but offers no remedies for integer overflow issues, which makes the article of little use to the people that don't understand the issue. If you want integer overflow remedies and defenses, I would highly recommend the excellent work of my co-author, David LeBlanc.
https://googleonlinesecurity.blogspot.com/2007/10/auditing-open-source-software.html
BlueHat
A couple of blog posts from researchers who attended BlueHat this year. It's always good to see what these guys think...
Back From BlueHat
https://dvlabs.tippingpoint.com/blog/2007/10/01/back-from-bluehat
Back from the Microsoft Blue Hat conference
https://wabisabilabi.blogspot.com/2007/09/back-from-microsoft-blue-hat-conference.html
Apple Mac OSX - Leopard (Security. Safer by Design)
It's always fascinating to see how companies attack (no pun intended) the security problem on their platforms, and the Mac is no exception. A couple of points from the security web page took my interest (emphasis, mine):
Tagging Downloaded Applications
Protect yourself from potential threats. Any application downloaded to your Mac is tagged. Before it runs for the first time, the system asks for your consent — telling you when it was downloaded, what application was used to download it, and, if applicable, what URL it came from.
[MH] hhmm, does this mean Apple are doing the very thing they ridiculed about Windows Vista - asking for user consent? :)
Sandboxing
Enjoy a higher level of protection. Sandboxing prevents hackers from hijacking applications to run their own code by making sure applications only do what they’re intended to do
[MH] Really? I doubt it.
Comments
Anonymous
October 19, 2007
RE: What if We Had Vuln-Free Software? -- Didn't you say this ages ago... http://channel9.msdn.com/ShowPost.aspx?PostID=1405
Whilst I agree 100%, I have the feeling that flaws in the software will still be targeted even if we could approach no vulnerabilities -- which I doubt because programmers are human, make mistakes, and we've got no closer to "bug free" (as in traditional QA bugs) software in decades of work. (config errors are in a different "bag" I feel - you can't blame the software, but on the other hand it really shouldn't be able to (easily at least) be configured in an insecure way)
The reason (to me anyway) is that targeting of vulns in the software is much less "risky" for the attacker as it's easier for them to keep their anonymity, and the attacks scale a lot easier. My $0.02 anyway. Thanks for this post though Mike - it's easy to miss news/articles that are interesting.
Anonymous
October 19, 2007
[quote] hhmm, does this mean Apple are doing the very thing they ridiculed about Windows Vista - asking for user consent? :) [/quote]
In reality Apple has developed a very sophisticated algorithm that:
1. checks what the software might do; if it fails
2. reads the user mind to understand if he knows about it; if it fails
3. will make a secret phone call to Steve Jobs and ask him and only if it fails
4. will ask for user's consent
so 4. will be very unlikely to happen. While performing point 1. will also check and determine if the software will end at a point in the future or not and thus proving that undecidability of software termination is completely bogus. And this for just 129.99$
[quote] Really? I doubt it. [/quote]
In reality I guess the fault here is in the guy that is trying to explain what a sandbox is. The funny thing is that the most dangerous application bundled in the OS (Safari) is not sandboxed. Apple really cares about security!!!
Anonymous
December 09, 2007
*shrug* Security consultant for 10 years, Windows Administrator for 15, UNIX / Linux hacker for 8. I hardly ever read either Apple's or Microsoft's completely-fictional-marketing-propaganda, so I don't know about the claims you're talking about in Leopard. I do read technical documents and source code. I don't deem security to be the most important thing in a desktop system, but I do value my privacy a lot. Oh, I'm running OSX, by the way.