Focus on Virus
It will work? an idea Apr 24 2011 08:36AM
learnmsfre gmail com (3 replies)
RE: It will work? an idea Apr 28 2011 06:32AM
IT_H_Security (IT_H_Security MahindraSatyamBPO com) (1 replies)
Re: It will work? an idea Apr 28 2011 09:07AM
Vivek P Nair (iamherevivek gmail com)
RE: It will work? an idea Apr 26 2011 05:11PM
Omar Salvador Alcalá Ruiz (oalcala scitum com mx) (1 replies)
Re: It will work? an idea Apr 27 2011 10:27AM
Alex Vargas (vargasa gmail com)
Wow, so negative. I agree this idea is far-fetched, but I think we should look past his specific idea and instead look at what he wants to accomplish. From a technical point we should focus on behavior heuristics, not signature-based. I've yet to see that in any IDS. What is currently out is signature-based (Snort) or metric-based (Bro). We need to inspect further down to an application level and look at the behavior, maybe some AI built into catching new attacks.

Sent from my iPhone

On Apr 26, 2011, at 12:11 PM, Omar Salvador Alcalá Ruiz <oalcala (at) scitum.com (dot) mx [email concealed]> wrote:

> The problem I see with this is: How do you know which vulns you will cover? Most, if not all vulns, are discovered by trial & error, by mistake, or by somebody who is willingly trying to find a weakness in order to get something. Your approach has infinite variations... How will you deal with that?
>
> Even if you get a 100% clean and vuln-free code, a thing I think has never happened before, you can try to deceive stuff, or even better, people.
>
> Bottom line: I think a vuln-based exploit HIDS/HIPS is comparable to wishing all people in the world understand technology and how it works: utopia.
>
> Regards
>
>
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On behalf of learnmsfre (at) gmail (dot) com [email concealed]
> Sent: Sunday, April 24, 2011 03:37 a.m.
> To: focus-virus (at) securityfocus (dot) com [email concealed]
> Subject: It will work? an idea
>
> Hi Everyone!
>
> I have an idea to share with you guys to know whether it can be implemented or not?
>
> The idea is: people write exploits for discovered public vulnerabilities and infect a target system which is not yet patched. If the vendor releases a patch and the client installs the released vendor patch or a third-party one, then the exploit is outdated for that particular system. And we can write more than one exploit for a single vulnerability. Everybody uses MS Office and Adobe Acrobat, and we have a finite number of vulnerabilities in these two software, and a number of exploits can be written based on these public vulnerabilities. So, the idea is to develop an open source HIDS that defeats vulnerability-based exploits. The initial focus is on MS Office and Adobe Acrobat because these are commonly used software, and if we are able to defeat client-side attacks targeting these two software, it would be a remarkable achievement, and this HIDS would benefit the community by protecting against client-side attacks in these commonly used software. So:
>
> 1- It will benefit community?
>
> 2- To what level idea is practical?
>
> Regards:
>
> Umar
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Black Hat
>
> Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier
> technical event for ICT security experts. Featuring 30 hands-on training
> courses and 90 Briefings presentations with lots of new content and new
> tools. Network with 4,000 delegates from 70 nations. Visit product
> displays by 30 top sponsors in a relaxed setting.
>
> http://www.blackhat.com
> ---------------------------------------------------------------------------

Re: It will work? an idea Apr 26 2011 12:07PM
Nick FitzGerald (nick virus-l demon co uk)


 

Copyright 2010, SecurityFocus