The Devil And The Deep Blue Sea

Threat level definition

The Devil And The Deep Blue Sea
Jon Lasser, 2002-07-17

Why Microsoft's Palladium project threatens to send Linux and open-source into exile.

Expand all | Post comment

And the major security goals don't need hardware 2002-07-18
Nicholas Weaver (1 replies)

And the major security goals don't need hardware 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-18
Anonymous (6 replies)

The Devil And The Deep Blue Sea 2002-07-18
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous (1 replies)

The Devil And The Deep Blue Sea 2002-07-23
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-22
Anonymous

The Devil And The Deep Blue Sea 2002-07-18
Anonymous

Unbelieveable 2002-07-18
Anonymous (5 replies)

Unbelieveable 2002-07-19
Anonymous (2 replies)

Unbelieveable 2002-07-20
Anonymous

Unbelieveable 2002-07-21
Anonymous

Unbelieveable 2002-07-19
Anonymous

Unbelieveable 2002-07-19
Martin Schoch

Unbelieveable 2002-07-20
Anonymous

Unbelieveable 2002-07-20
Anonymous

The Devil And The Deep Blue Sea 2002-07-18
blacklight (1 replies)

The Devil And The Deep Blue Sea 2002-07-23
Anonymous

Take a chill pill 2002-07-18
Anonymous Bastard (3 replies)

take your own advice 2002-07-19
rsullivan@art-line.com (1 replies)

Re: take your own advice 2002-07-19
Anonymous Bastard (2 replies)

Re: take your own advice 2002-07-19
Anonymous (2 replies)

happy x86 processor world? riiiiight... 2002-07-19
Anonymous (1 replies)

happy x86 processor world? riiiiight... 2002-07-22
Anonymous

Re: take your own advice 2002-07-21
Anonymous

Re: take your own advice 2002-07-19
Anonymous

Re: Take a chill pill 2002-07-19
Jm4n

Take a chill pill 2002-07-21
Anonymous

And they expect JIT Java and .NET compilers to operate? 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous (1 replies)

OSS version of Palladium 2002-07-20
Abri

The Devil And The Deep Blue Sea 2002-07-19
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
SkyLeach

Palladium and buffer overflows 2002-07-19
Anonymous (6 replies)

Palladium and buffer overflows 2002-07-19
Anonymous

Palladium and buffer overflows 2002-07-19
Anonymous

Palladium and buffer overflows 2002-07-20
bufferoverwhelmed

Palladium and buffer overflows 2002-07-20
Anonymous

Palladium and buffer overflows 2002-07-21
Anonymous

Palladium would NOT stop buffer overflows... 2002-07-21
Nicholas Weaver

Pride goeth before a Fall 2002-07-19
Anonymous

Couldn't _anyone_ make a "signature stamp"? 2002-07-19
Mad Ivan

No evidence for these claims 2002-07-19
Tamperbell (2 replies)

No evidence for these claims 2002-07-22
Anonymous

No evidence for these claims 2002-07-23
Anonymous

The Devil And The Deep Blue Sea 2002-07-19
Anonymous

no, buffer overflows do not modify excecutable code. A buffer overflow is what happens when a chunk of allocated memory devoted to storing transient data (i.e.: keystrokes, filesystem caches) before it can be processed "overflows" it's allocated space and "spills over" either into other data, or excecutable code, corrupting it, or the OS catches the error and kills the application. Not all buffer overflows are security exploits - most are just badly written crashy code. However, sometimes a buffer overflow can cause a security feature to fail while the application stays up (at least for a short little while) and excecute code. Under linux that is only a serious problem if the application is running as root.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/96/15734#15734

MSFT won't fix Outlook so we must lock hardware? won't work 2002-07-20
Anonymous

Alternate hardware 2002-07-20
Anonymous

The Devil And The Deep Blue Sea 2002-07-20
Anonymous

THE DEVIL AND THE DEEP BLUE SEE 2002-07-20
NSS ( Network Ssecurity Systems)

It's all about trust 2002-07-20
Anonymous

The Devil And The Deep Blue Sea 2002-07-21
Anonymous

The Devil And The Deep Blue Sea 2002-07-22
Anonymous

The Devil And The Deep Blue Sea 2002-07-22
Anonymous (1 replies)

The Devil And The Deep Blue Sea 2002-07-23
Anonymous

The Devil And The Deep Blue Sea 2002-07-22
Anonymous

The Devil And The Deep Blue Sea 2002-07-23
Anonymous (1 replies)

The Devil And The Deep Blue Sea 2002-07-23
Anonymous

I will never buy it and anyone who is smart won't either. 2002-07-23
Anonymous (1 replies)

I will never buy it and anyone who is smart won't either. 2002-07-25
Anonymous

And even money can be forged.... why not code? 2002-07-25
José Azevedo

Copyright and Anti-piracy laws 2002-07-29
Anonymous

It is time for "security enhanced linux" to be put on the front burner NOW! 2002-07-29
100% of distros should be 100% SE Linux

Privacy Statement
Copyright 2008, SecurityFocus