News Items that Interested me this Week

Each week (ok, mostly every week!) I’ll post news items that interested me…

Security analysis of Checkpoint firewall
Of interest is the way around RedHat’s ExecShield buffer overflow defense.

Abusing chroot
This quote caught my attention: “If you have the ability to use chroot() you are root. If you are root you can walk happily out of any chroot by a thousand other means,” Alan Cox

Made For Hacking
There is nothing you don’t already know in this article, but it does explain to a layman why we see some of the issues we see on the Internet.

What if We Had Vuln-Free Software?
Jeff Jones has a very jaded view of life sometimes, but he usually nails security issues, and this one is dead on the money IMO.

Auditing Open Source Software
I love looking at and learning from security bugs. This blog post is interesting, but offers no remedies for integer overflow issues, which makes the article of little use to the people that don’t understand the issue. If you want integer overflow remedies and defenses, I would highly recommend the excellent work of my co-author, David LeBlanc.

A couple of blog posts from researchers who attended Bluehat this year. It’s always good to see what these guys think…

Back From BlueHat

Back from the Microsoft Blue Hat conference

Apple Mac OSX – Leopard (Security. Safer by Design)
It’s always fascinating to see how companies attack (no pun intended) the security problem on their platforms, and the Mac is no exception. A couple of points from the security web page took my interest (emphasis, mine):

Tagging Downloaded Applications
Protect yourself from potential threats. Any application downloaded to your Mac is tagged. Before it runs for the first time, the system asks for your consent — telling you when it was downloaded, what application was used to download it, and, if applicable, what URL it came from.
[MH] hhmm, does this mean Apple are doing the very thing they ridiculed about Windows Vista – asking for user consent? 🙂

Enjoy a higher level of protection. Sandboxing prevents hackers from hijacking applications to run their own code by making sure applications only do what they’re intended to do
[MH] Really? I doubt it.

Comments (5)

  1. MikeA says:

    RE: What if We Had Vuln-Free Software?

    — Didn’t you say this ages ago…

    Whilst I agree 100%, I have the feeling that flaws in the software will still be targeted even if we could approach no vulnerabilities — which I doubt because programmers are human, make mistakes, and we’ve got no closer to "bug free" (as in traditional QA bugs) software in decades of work.  (config errors are in a different "bag" I feel – you can’t blame the software, but on the other hand it really shouldn’t be able to (easily at least) be configured in an insecure way)

    The reason (to me anyway) is that targeting of vulns in the software is much less "risky" for the attacker as it’s easier for them to keep their anonymity, and the attacks scale a lot easier.

    My $0.02 anyway.  Thanks for this post though Mike – it’s easy to miss news/articles that are interesting.

  2. paperino says:


    hhmm, does this mean Apple are doing the very thing they ridiculed about Windows Vista – asking for user consent? 🙂


    In reality Apple has developed a very sophisticated algorithm that:

    1. checks what the software might do; if it fails

    2. reads the user’s mind to understand if he knows about it; if it fails

    3. will make a secret phone call to Steve Jobs and ask him and only if it fails

    4. will ask for user’s consent

    so 4. will be very unlikely to happen. While performing point 1. will also check and determine if the software will end at a point in the future or not and thus proving that undecidability of software termination is completely bogus. And this for just 129.99$


    Really? I doubt it.


    In reality I guess the fault here is in the guy that is trying to explain what a sandbox is. The funny thing is that the most dangerous application bundled in the OS (Safari) is not sandboxed. Apple really cares about security!!!

  3. S.Vidyaraman says:

    Tagging Downloaded Applications

    Protect yourself from potential threats….applicable, what URL it came from.

    [MH] hhmm, does this mean Apple are doing the very thing they ridiculed about Windows Vista – asking for user consent? 🙂

    Yes and no …. yes in the concept of asking for user consent, no in the context of details ….. UAC, if I understand correctly, causes an integrity level leap (from the default medium to high). From what the "Tagging Downloaded Applications" says, it sounds more like what XP does, which is mark applications as ‘blocked’ when downloaded .. only, XP asks you every time you try to execute the app, unless you specifically go to the properties and say unblock. Of course, all this assuming the user can make the correct decision.

  4. Yaniv says:

    *shrug* Security consultant for 10 years, Windows Administrator for 15, UNIX / Linux hacker for 8.

    I hardly ever read either Apple’s or Microsoft’s completely-fictional-marketing-propaganda, so I don’t know about the claims you’re talking about in Leopard. I do read technical documents and source code. I don’t deem security to be the most important thing in a desktop system, but I do value my privacy a lot.

    Oh, I’m running OSX, by the way.