I'm glad
> Good paper; Since this is out there I figure I'll forward the much
> shorter article I wrote that details an attack against the contact
> gadget, which was patched last month.
Thanks, it's pretty interesting to see the various PoCs coming out almost in
synchronisation with the paper. I'm glad I'm not the only one concerned by
the functionality they provide.
Roger wrote:
> Yes, this is a "new" attack vector, but it is always game over anyway if
> I can get you to run my untrusted program. In my testing, installing
> can attack yourself.
> 192.168 cannot be accessed from the internet ;-)
> [unless you NAT at which point it's your NAT config problem]
Wow, I'm glad to hear that machines with private addresses can't be
attacked unless NAT is misconfigured. I'm also glad that we only have to
worry about attacks coming directly from the Internet, and that our LANs
are as safe as ever.
I'll stop worrying about securing Intranet devices and applications, and
KNOW about which program to use. But in your case the DoS effect is better when
Firefox does not know about the program than if it does know.
> (I'll post it on my own website anyway, giving you credit too of course.)
Thanks. I'm glad that my blocking DoS and DoS via resource consumption
exploits give you inspiration to find new ways to attack Firefox and IE7 ;-).
> Internet Explorer 7 version: 7.0.5730.13 will by the way consume up to 70%
> of the CPU if the same script is run.
List,
I'm glad to release the fifth beta of w3af. For those that still
don't know, w3af is a fully automated auditing and exploiting
framework for the web. More info can be found at
http://w3af.sourceforge.net/ .
There are really *a lot* of changes from beta4 to make a detailed
list, but a small summary will give you an idea of the new features I
have been working on:
Hi Fernando+list
I'm glad to see that someone takes aim at this issue.
However, it seems that your proposal only attempts to address one
consequence of predictable TCP source ports, namely blind TCP attacks
(in all fairness, it appears that the object of your proposal is to
solve the blind TCP attacks, rather than the issue of predictable TCP
source ports; I look at it the other way around...). Naturally this is a
major outcome, but there are still other consequences, perhaps less
I'm glad you finally seemed to make the 'bug' fixing team of Debian aware of security issues. I'm just glad I personally haven't seen this much scrutiny from the security team or my faith in Debian maintainers in all areas would significantly drop even more. Nice find.
> on someone else's nameservers).
Sure - but that just adds more cycles to your firewall, and does nothing
for back end reporting. These sets integrate that
functionality, both filtering and reporting, directly on the box, and are
far more efficient in my opinion... But, it's a great point and I'm glad
you shared that.
>
> > Sure, if I wanted to block all of China I could block APNIC, but
> > that would block WAY more than I would want.
> hgfs ("Shared Folders") support, there is also the vmmemctl module,
> which returns unused memory pages back to the host OS, which allows
> overcommitting if necessary (on my system it just ensures that I can
> use as much of the RAM as possible).
I'm glad you're getting some utility from them, you're part of the
demographic they wrote them for. But, odds are, you're also part of the
demographic that still doesn't have practical impact by this. You probably
admin your own box as well as the vms you develop in. If your host has
gotten exploited, whether or not they can execute something in a vm is the
least of your problems. Once again, host security rules all.
thus, the issue is not really a problem, I just go ahead and publish
so the users can decide what to do. This is an open-source project,
so any user that is security-aware could apply a patch themselves.
If you have further questions, I'm glad to help.
Best Regards,
>> can attack yourself.
>
>> 192.168 cannot be accessed from the internet ;-)
>> [unless you NAT at which point it's your NAT config problem]
>
> Wow, I'm glad to hear that machines with private addresses can't be
> attacked unless NAT is misconfigured. I'm also glad that we only have to
> worry about attacks coming directly from the Internet, and that our LANs
> are as safe as ever.
A security "problem" that is only a problem if security =elsewhere= has
> > hgfs ("Shared Folders") support, there is also the vmmemctl module,
> > which returns unused memory pages back to the host OS, which allows
> > overcommitting if necessary (on my system it just ensures that I can
> > use as much of the RAM as possible).
>
> I'm glad you're getting some utility from them, you're part of the
> demographic they wrote them for. But, odds are, you're also part of the
> demographic that still doesn't have practical impact by this. You probably
> admin your own box as well as the vms you develop in. If your host has
> gotten exploited, whether or not they can execute something in a vm is the
> least of your problems. Once again, host security rules all.