Re: IIS Remote Exploit (injection code)

From: Dug Song (dugsongat_private)
Date: Wed Jun 16 1999 - 13:40:25 PDT

Next message: Crispin Cowan: "Diversity (was: IIS Remote Exploit (injection code))"

Previous message: pw: "C-Mail SMTP Server Remote Buffer Overflow Exploit"
Maybe in reply to: Greg Hoglund: "IIS Remote Exploit (injection code)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 16 Jun 1999, Ethan Benatan wrote:

> Very true, and this is a terrifically important message to get out...
> Diversity makes for resilience, and vice versa.

see stephanie forrest's work on computer immunology:

	http://www.cs.unm.edu/~immsec/

and to a lesser extent, random "canary" values in StackGuard:

	http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/

and the introduction of randomness to defeat race attacks, predictable
sequence number attacks, etc. in OpenBSD:

	http://www.openbsd.org/crypto.html
-d.

---
http://www.monkey.org/~dugsong/

Next message: Crispin Cowan: "Diversity (was: IIS Remote Exploit (injection code))"
Previous message: pw: "C-Mail SMTP Server Remote Buffer Overflow Exploit"
Maybe in reply to: Greg Hoglund: "IIS Remote Exploit (injection code)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:49:44 PDT