Re: [Dailydave] ASN.1 Vulnerability Could Allow Code Execution (828028); Microsoft Security Bulletin MS04-007
From: Dave Aitel (dave immunitysec.com)
Date: Wed Feb 11 2004 - 11:15:44 CST
I would assume that, like all public announcements, it will impede people
with (former) 0day from hacking into systems. My position has always
been that using public exploits is for QA and "pen-testers" and that
hackers focus primarily on 0day. A good foreign intel service (or hacker
group, for that matter) probably penetrated Microsoft long ago, and
doesn't need any exploits.
To expand on this, I would say that:
HUMINT (bribing (or being) Microsoft janitors to get you access)
SIGINT (hacking using that trusted access to gain further access to cvs
trees internally to plant the backdoor)
Denial and Deception (used as a feedback loop and to protect from a
strategic threat - Russia had no need for MS source, but having it
officially closed a few holes in their cover, no doubt)
are a strategic triad, much the way subs, planes, and ground-based
weapons are. Traditional hackers can cover only one of these (to truly
deceive your enemy, you have to KNOW your enemy and few hackers can
claim to do that).
Of course, the risk to DoD systems has probably just gone up from
intelligence systems in smaller European and Asian countries who haven't
got a top-notch vulnerability research team (or connections to one) and
who haven't penetrated MS, but who will quickly capitalize on public
information. I'm sure there's generals out there having nightmares of a
turned private with a souped-up copy of something CANVAS-like wandering
their networks. My bet is that this sort of threat is 5 years off
though. My take on when a medium-strength group (intel or otherwise)
would have had this information is from the date that eEye reported it
to Microsoft, not from public release. I'd be certain that all the
internal MS mailing lists on security (and access to bugcheck, etc) leak
all over the place.
This is all just gut-feel and a subscription to stratfor.biz and The
Economist though.
-dave
Bradley, Terry (CONTR) wrote:
> Dave,
>
>
>
> Do you think the public announcement of the latest Microsoft
> vulnerability
> (http://microsoft.com/technet/security/bulletin/MS04-007.asp) will
> prove to be a boon to foreign intelligence services seeking to hack
> into DoD systems? Enquiring minds want to know.
>
>
>
> ;)
>
>
>
> tb
>