|
|
BugTraq
Preventing exploitation with rebasing Feb 04 2003 05:08AM David Litchfield (david ngssoftware com) (7 replies) Re: Preventing exploitation with rebasing Feb 05 2003 01:41PM dullien gmx de (1 replies) Re: Preventing exploitation with rebasing Feb 04 2003 10:52PM David Litchfield (david ngssoftware com) (2 replies) Re: Preventing exploitation with rebasing Feb 04 2003 02:00PM sd hysteria sk (1 replies) Re: Preventing exploitation with rebasing Feb 04 2003 11:20PM David Litchfield (david ngssoftware com) Re: Preventing exploitation with rebasing Feb 04 2003 02:00PM Torbjörn Hovmark (torbjorn hovmark abtrusion com) Re: Preventing exploitation with rebasing Feb 04 2003 11:38AM Charlie Root (weedpower home ro) (4 replies) Re: Preventing exploitation with rebasing Feb 06 2003 01:00AM Deus, Attonbitus (Thor HammerofGod com) Re: Preventing exploitation with rebasing Feb 04 2003 08:08PM Brian Hatch (bugtraq ifokr org) (2 replies) Re: Preventing exploitation with rebasing Feb 04 2003 06:38PM David Litchfield (david ngssoftware com) (1 replies) Re: [VulnDiscuss] Re: Preventing exploitation with rebasing Feb 05 2003 05:32PM Halvar Flake (halvar gmx net) Re: Preventing exploitation with rebasing Feb 04 2003 11:34AM Eugene Tsyrklevich (eugene securityarchitects com) Re: [VulnDiscuss] Preventing exploitation with rebasing Feb 03 2003 09:49PM Michal Zalewski (lcamtuf coredump cx) |
|
Privacy Statement |
instead of opinions.
Brian Hatch <bugtraq (at) ifokr (dot) org [email concealed]> wrote:
> People keep saying "but it won't stop everything", and that's true.
Exactly. Even DES isn't "perfectly" secure, (i.e. unbreakable). It
*obfuscates* the data, but does not *secure* it. The benefit of DES
is that it has a provable level of obfuscation.
This takes the security versus obscurity argument from the realm of
personal opinion to one of quantitative statements. We should have a
similar goal for this discussion.
> But since when have we turned down a security procedure that is
> not a silver bullet against all evils? I'd love to make it harder
> for worms to attack my systems. I'd love for them to take longer
> to break into the machines down the hall. That means things will
> spread slower, and we can stop the damage quicker. Why is this bad?
It's not. But many people are of the opinion that if a solution
isn't perfect, then it's not "secure". They can then argue that no
security is somehow "better" than an imperfect system.
The problem with those kinds of arguments is that they don't define
the terms used, or what basis is used for the measurements. The
appropriate response is to ignore personal opinions, and instead ask
for clarifications of terms like "useful", or "better".
If attacks can be trivially re-written to work around rebasing,
then it's obvious that rebasing changes the form of the attack, but
not it's potential to succeed.
If rebasing means that attacks have provably a lower probability of
succeeding, then it's obvious that rebasing gives some additional
level of obfuscation, which is generally called "security".
> ... any administrator who has such a "mental" vulnerability probably
> has several other non-rebasing related vulnerabilities on their
> servers anyway. They probably think that a firewall stops all
> attacks, so wouldn't bother rebasing in the first place. This is
> not a satisfying argument against rebasing.
It's an ad-hominem attack with no substance. "Stupid people use
your solution, therefore your solution doesn't help."
Security analysis of algorithms has always been done on the
assumption of perfect implementation. Analysis of implementation or
deployment/configuration bugs is a seperate analysis.
Alan DeKok.
[ reply ]