Re: Overview Of New Intel Core i7(Nehalem) Processor
- From: Nobody <nobody@xxxxxxxxxxx>
- Date: Thu, 11 Jun 2009 20:09:48 +0100
On Thu, 11 Jun 2009 10:43:41 +0000, Jan Panteltje wrote:
Security-wise, any shortcomings of the x86 are small beans compared to the
abominations known as JavaScript and PHP.
Both of these languages have significant deficiencies, in spite of being
targeted at novice programmers and a hostile environment, where you
really need something which is both idiot-proof and evil-genius-proof.
It is true, what you say, but I do believe 100% secure soft is not
possible.
Especially with evil 'geniuses'.
True enough, but if a particular model of car only did 10mph, saying
"well, you can't exceed the speed of light anyway" wouldn't be
considered much in the way of mitigation.
The whole thing has become a sort of trend, companies releasing ever new
'security updates' (it does not really even matter what language their
stuff was written in), like Firefox, MS, Adobe, anyone.
It is like a house, first you brick the windows, bolt the doors, then
they come through the sink, so you put a lock on that too, then the
chimney... so you put a lid on that too, etc... it no longer makes
sense, and all the updates take too much time and slow things down,
overload the net, etc.
Yeah, but PHP is like building the house from tissue paper.
Getting "perfect" security is unrealistic. Doing better than PHP is
somewhere between straightforward and "you would have to try really hard
to do any worse".
So we need better enforcement, like you have police to keep guys from
robbing the house. But .. nothing is enforced. Spammers still spam,
zillions of websites are infected with all sorts of dubious scripts,
worms and viruses even on DVDs with soft from reputable companies,
botnets that nobody can even find out who control those.. And guess who
is behind all that (no it is not paranoia showing), it is the anti-virus
soft companies! Follow the money, it is THEM who have an interest in
this. That is why I think people like Karpersky should be locked up, not
given a reward as in Russia (well he probably works for the Putin club,
so yes, I understand why they give him an award, but really, his
releases of the DNS attacks did a hellofalot of harm and cost me hours
of time).
So enforcement, if you want to take Internet seriously for business.
And enforcement in an intelligent way, not cutting people off because
they shared some music files or something. Access to Internet has become
essential in many ways in today's society, so get the bad guys.
Easier said than done. You could easily spend tens of millions of
pounds/dollars/euros investigating and prosecuting a single case. That's
if you can get the cooperation of all of the countries hosting the chain
of compromised systems through which the attack was routed. And if you can
get it fast enough, before the far end of the chain vanishes into the
ether.
Instead of building a concrete shell around your house (closing all
holes like buffer overflows in your soft), make sure that what comes out
of the DSL connection is clean. Now *how* to do that... I have no
idea, but I would start at the anti-virus companies... Maybe it would be
a good idea if MS added anti-virus stuff internal to their soft, it would
put those anti-virus companies that spread viruses to enhance their
business out of business. That is my view.
Anti-virus is a band-aid, treating the symptoms rather than the cause. The
only reliable place to protect against an attack is within the program
which is the target of the attack, as only it has all of the relevant
information available.
E.g. trying to protect against HTML-based exploits (XSS, XSRF, etc)
requires parsing the HTML the same way as the target will. If the AV
parses it according to the W3C spec rather than what the browser uses, the
mismatch allows someone to craft an attack which slips past the AV and
works as intended on the target. If you don't know how the browser will
parse it (and I very much suspect that even Microsoft couldn't tell you
the exact syntax which any given version of IE will accept for any given
construct), you're stuck crossing your fingers and hoping for the best.
A simple example of where implementing protection upstream fails is when
web servers attempt to control which files can be accessed. You implement
a list of filenames, and reject URLs which match. E.g. you prohibit
access to /SecretFile.txt, so:
http://victim.com/SecretFile.txt
fails. But:
http://victim.com/../htdocs/SecretFile.txt
works fine. So you block that, but some versions of Windows allowed "..."
as an alias for "../..", so:
http://victim.com/.../www/htdocs/SecretFile.txt
works. You block that as well, so the attacker uses the MSDOS 8.3 name:
http://victim.com/Secret~1.txt
The first 2 years of IIS' life was one long game of whack-a-mole, with
researchers discovering all of the different aliases for a file, and MS
updating the checks to catch the aliases, before it eventually sunk in
that any text-based comparison wasn't going to work, and they resolved
both the requested filename and the names from the block list to check
whether they were actually the same file.
Of course, that approach can only work on the host running the IIS server.
There's no way an intermediate proxy can perform this check without access
to the filesystem.
More generally, if you need to prohibit some kind of action, the most
reliable way to do it is to place the check *immediately* before the
action is carried out, so that you catch every possible alternative route.
[In some cases, it may be preferable to perform the check *afterwards*, as
determining what has happened may be more reliable than predicting what
will happen. E.g. once you've open()ed a file, fstat() will tell you what
you really open()ed; lstat()ing it before the fact can be vulnerable to
renaming or linking tricks.]
If you want to protect your possessions, securing the house is easier than
securing the garden. Putting your valuables in a safe and securing that is
easier still. Hence the notion of an "attack surface". The surface gets
larger (and harder to protect) as you get further away from the ultimate
target.
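
The resolve-then-compare check and the open()-then-fstat() ordering described in the post above, as an added example that is not part of the original post and is not IIS code. It assumes a POSIX system; the function names and scratch files are hypothetical, and a "..", hard-link and symlink alias stand in for the Windows-specific ones.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `requested` unless it is the same file as `blocked`. Identity is
 * taken with fstat() on the descriptor actually held, after open(), so a
 * rename or relink between check and use cannot change the answer.
 * Returns an open fd, -1 on error, -2 if the request hit the blocked file. */
int open_unless_blocked(const char *requested, const char *blocked)
{
    struct stat want, got;
    int fd = open(requested, O_RDONLY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &got) != 0) { close(fd); return -1; }
    /* Compare device and inode numbers, never the spelling of the name. */
    if (stat(blocked, &want) == 0 &&
        want.st_dev == got.st_dev && want.st_ino == got.st_ino) {
        close(fd);
        return -2;
    }
    return fd;
}

/* Constructed sample tree: the blocked file, two aliases for it and one
 * unrelated file. Changes into the scratch directory; returns 0 on success. */
int make_demo_tree(char *dir_template)
{
    int fd;
    if (mkdtemp(dir_template) == NULL || chdir(dir_template) != 0) return -1;
    if (mkdir("htdocs", 0700) != 0) return -1;
    if ((fd = open("htdocs/SecretFile.txt", O_WRONLY | O_CREAT, 0600)) < 0) return -1;
    close(fd);
    if ((fd = open("htdocs/index.html", O_WRONLY | O_CREAT, 0600)) < 0) return -1;
    close(fd);
    if (link("htdocs/SecretFile.txt", "htdocs/hard.txt") != 0) return -1;
    return symlink("SecretFile.txt", "htdocs/soft.txt");
}

int main(void)
{
    char tmpl[] = "/tmp/alias-demo-XXXXXX";
    const char *names[] = { "htdocs/../htdocs/SecretFile.txt", "htdocs/hard.txt",
                            "htdocs/soft.txt", "htdocs/index.html" };
    if (make_demo_tree(tmpl) != 0) return 1;
    for (int i = 0; i < 4; i++)
        printf("%-34s -> %d\n", names[i], open_unless_blocked(names[i], "htdocs/SecretFile.txt"));
    return 0;
}
```

A string comparison against "htdocs/SecretFile.txt" would pass all three aliases; the identity comparison rejects them while still serving index.html.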