Focus on Virus
It will work? an idea Apr 24 2011 08:36AM
learnmsfre gmail com (3 replies)
RE: It will work? an idea Apr 28 2011 06:32AM
IT_H_Security (IT_H_Security MahindraSatyamBPO com) (1 replies)
Hello Umar,

Your idea is quite fantastic, but the following are the things which pop up
in my mind:

1. Even if we make databases of all the exploits available to date on
earth (practically impossible), how are we going to identify zero-day
exploits?
2. Let's think of starting with a good amount of categorized exploits
for MS Office. How are we going to differentiate between a normal MS Office
query (over network) and an exploited MS Office query?
3. What approach can be followed to remove FALSE positives (the above two
points actually mean handling of FALSE positives)?

Umar, I am really interested in the HIDS concept. Please revert if my
concerns are legitimate.

FYI, I am a newbie to IT Security with just 2 yrs of experience, so
please ignore my points if they are wrong.

Thanks in Adv.

Nutan Vishwakarma

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of learnmsfre (at) gmail (dot) com [email concealed]
Sent: Sunday, April 24, 2011 2:07 PM
To: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: It will work? an idea

Hi Everyone!

I have an idea to share with you guys, to know whether it can be
implemented or not.

The idea is: people write exploits for discovered public vulnerabilities
and infect a target system which is not yet patched. If the vendor releases
a patch and the client installs the released vendor patch or a third-party
one, then the exploit is outdated for that particular system. And we can
write more than one exploit for a single vulnerability. Everybody uses MS
Office and Adobe Acrobat, and we have a finite number of vulnerabilities in
these two pieces of software, and a number of exploits can be written based
on these public vulnerabilities. So, the idea is to develop an open source
HIDS that defeats vulnerability-based exploits. The initial focus is on MS
Office and Adobe Acrobat because these are commonly used software, and if we
are able to defeat client-side attacks targeting these two, it would be a
remarkable achievement, and this HIDS would benefit the community by
protecting against client-side attacks in these commonly used software. So:

1- Will it benefit the community?

2- To what level is the idea practical?

Regards:

Umar

------------------------------------------------------------------------
---
This list is sponsored by: Black Hat

Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier
technical event for ICT security experts. Featuring 30 hands-on training
courses and 90 Briefings presentations with lots of new content and new
tools. Network with 4,000 delegates from 70 nations. Visit product
displays by 30 top sponsors in a relaxed setting.

http://www.blackhat.com
------------------------------------------------------------------------
---

Re: It will work? an idea Apr 28 2011 09:07AM
Vivek P Nair (iamherevivek gmail com)
RE: It will work? an idea Apr 26 2011 05:11PM
Omar Salvador Alcalá Ruiz (oalcala scitum com mx) (1 replies)
Re: It will work? an idea Apr 27 2011 10:27AM
Alex Vargas (vargasa gmail com)
Re: It will work? an idea Apr 26 2011 12:07PM
Nick FitzGerald (nick virus-l demon co uk)


 

Copyright 2010, SecurityFocus