Re: [qubes-users] TVM ASLR-exploit-proof?

2016-10-17 Thread 10378213217831783789
Hello,

Tails is also using ASLR security tech now...

https://fossbytes.com/tails-2-6-secure-linux-os-snowden-updated-tor-and-kernel/

Kind Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7b310ec2-0b3a-48b3-831c-7e7c2902fd1c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] TVM ASLR-exploit-proof?

2016-10-17 Thread 0923718973178347240243
Hello Rudd-O,

here is an interesting concept: in some way they reach the RAM randomization 
by one central DLL (for Windows platforms only), but it works directly on the 
fly for all apps and libs!!!

http://www.morphisec.com/how-it-works/

Wow, not bad!

This will be much more robust.
And in parallel they keep the honeypot, to run the law enforcement procedures 
against intruders.

Here is a critical view of ASLR:

http://blog.morphisec.com/aslr-what-it-is-and-what-it-isnt/

But for sure, the randomization will need a good non-deterministic random 
generator and a fast random update sequence (in seconds) because 4 GB are quite 
endless...

Would it make sense to implement a similar fast non-deterministic randomization
tech into Qubes to overcome some standard template vulnerabilities, with 
smart countermeasures?

Kind Regards
 



Re: [qubes-users] TVM ASLR-exploit-proof?

2016-10-14 Thread Manuel Amador (Rudd-O)
On 10/14/2016 01:26 PM, 917832409173409178324097 wrote:
> Hello,
>
> can ASLR tech help to build a hard template VM for Qubes?
>
> https://securityetalii.es/2013/02/03/how-effective-is-aslr-on-linux-systems/
>
> checksec.sh: 
> How important is it that all libs and executables are PIE-compiled?
> Are 100% of the TVM PIE compliant?
>
> https://www.blackhat.com/docs/asia-16/materials/asia-16-Marco-Gisbert-Exploiting-Linux-And-PaX-ASLRS-Weaknesses-On-32-And-64-Bit-Systems.pdf
>
> Will ASLR-NG mitigate the ASLR-weaknesses?
>
> The rerandomization should be fast enough or be able to detect some 
> brute-force attacks.
>
> There are other exploit strategies, which should be taken into account, so 
> that the TVM is hard enough to resist the contact with the web (ebanking) - 
> or is the Q architecture addressing all of them?
>
> Heap-Spraying?
> Egg-Hunting?
> ROP?
> DEP?
> SEHOP?
> SafeSEH?
> Stack Cookies?
> SEH overflows?
> stack overflows?
>
> or others?
>
> It looks that there are many methods around to inject shellcode in some way...
>
> https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/
>
> Kind Regards
>

This would be really nice, but basically you're talking about hardening
Fedora, so this should probably be done with upstreaming the work in
mind.  Perhaps we begin with a template on Qubes OS that we can use, and
piece by piece, the modifications to that template can get upstreamed. 
Eventually the template will no longer be necessary.


-- 
Rudd-O
http://rudd-o.com/



[qubes-users] TVM ASLR-exploit-proof?

2016-10-14 Thread 917832409173409178324097
Hello,

can ASLR tech help to build a hard template VM for Qubes?

https://securityetalii.es/2013/02/03/how-effective-is-aslr-on-linux-systems/

checksec.sh: 
How important is it that all libs and executables are PIE-compiled?
Are 100% of the TVM PIE compliant?

https://www.blackhat.com/docs/asia-16/materials/asia-16-Marco-Gisbert-Exploiting-Linux-And-PaX-ASLRS-Weaknesses-On-32-And-64-Bit-Systems.pdf

Will ASLR-NG mitigate the ASLR-weaknesses?

The rerandomization should be fast enough or be able to detect some brute-force 
attacks.

There are other exploit strategies, which should be taken into account, so that 
the TVM is hard enough to resist the contact with the web (ebanking) - or is the 
Q architecture addressing all of them?

Heap-Spraying?
Egg-Hunting?
ROP?
DEP?
SEHOP?
SafeSEH?
Stack Cookies?
SEH overflows?
stack overflows?

or others?

It looks that there are many methods around to inject shellcode in some way...

https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/

Kind Regards

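The original post asks how to tell whether everything in a template VM is PIE-compiled and points at checksec.sh. The following is an added example (not checksec.sh, and not code from Qubes or anyone in this thread) of what such a check actually inspects: it reads the ELF64 header and program headers directly and reports PIE (e_type == ET_DYN), a non-executable stack (PT_GNU_STACK without PF_X) and RELRO (PT_GNU_RELRO, "full" when the dynamic section also carries DF_BIND_NOW or DF_1_NOW). It assumes little-endian ELF64 files; the `build_sample_elf` helper constructs synthetic, non-runnable ELF images purely so the checker can be exercised offline, and the `report` function is a name chosen here, not an API of any existing tool.

```python
"""Minimal PIE / NX / RELRO checker for ELF64 binaries (added example, not checksec.sh)."""
import struct
import sys
from pathlib import Path

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
PF_X = 0x1
DT_NULL, DT_FLAGS, DT_FLAGS_1 = 0, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def analyze_elf(data: bytes) -> dict:
    """Derive PIE / NX / RELRO status from raw little-endian ELF64 bytes."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:  # EI_CLASS must be ELFCLASS64, EI_DATA ELFDATA2LSB
        raise ValueError("only little-endian ELF64 is handled here")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)

    # Conservative defaults: a missing PT_GNU_STACK is reported as an executable stack.
    nx, relro, dyn_off, dyn_size = False, "none", None, 0
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags, p_offset = struct.unpack_from("<IIQ", data, off)
        p_filesz = struct.unpack_from("<Q", data, off + 32)[0]
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)  # stack segment requested without execute permission
        elif p_type == PT_GNU_RELRO:
            relro = "partial"  # loader remaps this region read-only after relocation
        elif p_type == PT_DYNAMIC:
            dyn_off, dyn_size = p_offset, p_filesz

    # Full RELRO additionally needs immediate binding, so the GOT is resolved before it is sealed.
    bind_now = False
    if dyn_off is not None:
        for off in range(dyn_off, dyn_off + dyn_size, 16):
            d_tag, d_val = struct.unpack_from("<qQ", data, off)
            if d_tag == DT_NULL:
                break
            if (d_tag == DT_FLAGS and d_val & DF_BIND_NOW) or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW):
                bind_now = True
    if relro == "partial" and bind_now:
        relro = "full"

    # ET_DYN is what checksec-style tools treat as "PIE"; shared libraries also report as ET_DYN.
    return {"pie": e_type == ET_DYN, "nx": nx, "relro": relro}


def build_sample_elf(pie: bool, nx: bool, relro: str) -> bytes:
    """Constructed minimal ELF64 image (header + program headers + dynamic section); not runnable."""
    phdrs = [(PT_GNU_STACK, 0x6 if nx else 0x7, 0, 0, 0, 0, 0, 16)]  # RW vs RWX stack
    if relro != "none":
        phdrs.append((PT_GNU_RELRO, 0x4, 0, 0, 0, 0, 0, 1))
    dyn = [(DT_FLAGS_1, DF_1_NOW)] if relro == "full" else []
    dyn.append((DT_NULL, 0))
    dyn_bytes = b"".join(struct.pack("<qQ", tag, val) for tag, val in dyn)
    dyn_off = 64 + 56 * (len(phdrs) + 1)  # dynamic section follows the program header table
    phdrs.append((PT_DYNAMIC, 0x6, dyn_off, 0, 0, len(dyn_bytes), len(dyn_bytes), 8))
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0, 0]) + bytes(7)  # ELF64, LSB, version 1, SysV ABI
    header = struct.pack("<16sHHIQQQIHHHHHH", e_ident, ET_DYN if pie else ET_EXEC,
                         62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    return header + b"".join(struct.pack("<IIQQQQQQ", *p) for p in phdrs) + dyn_bytes


def report(path: Path) -> str:
    """One-line hardening summary for a real file on disk."""
    facts = analyze_elf(path.read_bytes())
    return (f"{path}: PIE={'yes' if facts['pie'] else 'NO'} "
            f"NX={'yes' if facts['nx'] else 'NO'} RELRO={facts['relro']}")


if __name__ == "__main__":
    targets = [Path(p) for p in sys.argv[1:]]
    if targets:
        for t in targets:
            print(report(t))
    else:  # demo on constructed images when no paths are given
        for args in ((True, True, "full"), (True, True, "partial"), (False, False, "none")):
            print(args, "->", analyze_elf(build_sample_elf(*args)))
```

Run it as `python3 elfcheck.py /usr/bin/*` inside a template to get a per-binary summary; a 32-bit or big-endian file raises `ValueError`, which is deliberate so that the checker never silently reports a binary it did not actually parse. PIE is what gives ASLR something to randomize for the main executable, and NX and full RELRO are the companion mitigations the thread's exploit list (ROP, DEP) is really about.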