Re: Plain text password for Microsoft (icwip.dun)

From: Blue Boar (BlueBoarat_private)
Date: Tue Jul 09 2002 - 17:00:24 PDT

Next message: Joerg Mayer: "Re: Plain text password for Microsoft (icwip.dun)"

Previous message: Brett Moore: "Windows fuzz - Following on."
In reply to: hellNbak: "Re: Plain text password for Microsoft (icwip.dun)"
Next in thread: dullienat_private: "Palladium"
Next in thread: Joerg Mayer: "Re: Plain text password for Microsoft (icwip.dun)"
Reply: dullienat_private: "Palladium"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>From what I can tell from the little detail I have read is that the system
> at both a hardware and software level will not run any program that is not
> properly signed (or whatever).  So, in order to get your arbitrary code to
> run, you need to be sure that the system will trust it -- which adds a bit
> of complication to the whole process but definately doesn't make it
> impossible.

It's not quite "program" signing... if you're talking about using an 
overflow or similar to execute code, then you'd be executing code within 
the context of a program that had been approved, at least when it was loaded.

One nice, real improvement that could be made to the x86 family is to have 
things like real read-only memory segments, real code and data seperation, 
etc... which is what you need to prevent overflows in hardware.

						BB

Next message: Joerg Mayer: "Re: Plain text password for Microsoft (icwip.dun)"
Previous message: Brett Moore: "Windows fuzz - Following on."
In reply to: hellNbak: "Re: Plain text password for Microsoft (icwip.dun)"
Next in thread: dullienat_private: "Palladium"
Next in thread: Joerg Mayer: "Re: Plain text password for Microsoft (icwip.dun)"
Reply: dullienat_private: "Palladium"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 09 2002 - 17:29:41 PDT