Hello all,

 I do not agree with Mike's point of view. Of course the only way to cheat a
system is to understand how it is working, and to abuse it. But the main
difference is that you can hardly talk about a protocol in the case of
applications: if you have a given protocol, you 'just' need to build a firewall
that checks that the protocol is properly working. In the case of a
software-level insider attack, you would therefore need a dedicated firewall
for every application you provide, which seems difficult both in terms of
development and performance cost.

The differences I see between the two cases are the following:

- attacks are now performed at the application level, and no simple interface
between the user and the application can be identified, since a heavy client is
involved (the interface is no longer a single protocol, but a whole
application).

- the matter becomes even worse if the systems are dynamic (such as with MIDP,
or OSGi, or any plug-in mechanism), which does not yet occur with online
games, but soon could.

The last case makes a shift in the potential attacks quite likely: it is
sufficient to make malicious components freely available to perform attacks,
even without illegally modifying existing code. The problem of client-based
attacks is bound up with the one of integration of off-the-shelf components:
how is it possible to control the execution process for every self-developed
or third-party, local or remote, piece of code? Both involve application-level
'protocols' to perform insider attacks, which are not so easy to tackle.

I.e. what Gary is describing is (to my view) not the ultimate insider, but a
step toward a worsening of the security state of systems.

regards,

Pierre P.


Quoting silky <[EMAIL PROTECTED]>:

> i really don't see how this is at all an 'insider' attack; given that
> it is the common attack vector for almost every single remote exploit
> strategy; look into the inner protocol of the specific app and form
> your own messages to exploit it.
> 
> On 8/15/07, Gary McGraw <[EMAIL PROTECTED]> wrote:
> > Hi sc-l,
> >
> > My darkreading column this month is devoted to insiders, but with a twist.
> > In this article, I argue that software components which run on untrusted
> > clients (AJAX anyone?  WoW clients?) are an interesting new flavor of insider
> > attack.
> >
> > Check it out:
> > http://www.darkreading.com/document.asp?doc_id=131477&WT.svl=column1_1
> >
> > What do you think?  Is this a logical stretch or something obvious?
> >
> > gem
> >
> > company www.cigital.com
> > podcast www.cigital.com/silverbullet
> > blog www.cigital.com/justiceleague
> > book www.swsec.com
> >

-- 
Pierre Parrend
Ph.D. Student, Teaching Assistant
INRIA-INSA Lyon, France
[EMAIL PROTECTED]
web : http://www.rzo.free.fr
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
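The "firewall that checks that the protocol is properly working" which Pierre contrasts with application-level attacks, as an added example that is not part of the original thread or of any project named in it: a small server-side validator for a constructed client/server message protocol. The message types (HELLO, MOVE, BYE), the state machine, the strict sequence-number rule and the MAX_STEP plausibility limit are all assumptions made for this example. The point it shows is that every message from the untrusted client is re-checked on the server against the protocol state and against plausibility limits, and that a rejected message never advances the session, so a modified client gains nothing by sending messages the stock client would not.

```python
"""Added example (not from the SC-L thread): a server-side validator for a
constructed application-level protocol. Nothing here is a real game protocol."""
import math
from dataclasses import dataclass

# Constructed protocol: a client sends HELLO once, then any number of MOVE
# messages, then BYE. Each state lists the message types it accepts.
TRANSITIONS = {
    "start": {"HELLO"},
    "active": {"MOVE", "BYE"},
    "closed": set(),
}
NEXT_STATE = {"HELLO": "active", "MOVE": "active", "BYE": "closed"}
MAX_STEP = 5.0  # assumed server-side plausibility limit per MOVE


@dataclass
class Session:
    """Server-side view of one client; the only state that is trusted."""
    state: str = "start"
    seq: int = 0
    x: float = 0.0
    y: float = 0.0


def _is_number(v):
    # bool is a subclass of int in Python, so exclude it explicitly
    return isinstance(v, (int, float)) and not isinstance(v, bool) and math.isfinite(v)


def validate(session, msg):
    """Return None if msg is acceptable in the session's current state,
    otherwise a short reason. Never mutates the session."""
    kind = msg.get("type")
    if kind not in NEXT_STATE:
        return "unknown message type"
    if kind not in TRANSITIONS[session.state]:
        return f"{kind} not allowed in state {session.state}"
    seq = msg.get("seq")
    # Strictly increasing by one: blocks replays and out-of-order injection
    if not isinstance(seq, int) or isinstance(seq, bool) or seq != session.seq + 1:
        return "bad sequence number"
    if kind == "MOVE":
        x, y = msg.get("x"), msg.get("y")
        if not (_is_number(x) and _is_number(y)):
            return "malformed coordinates"
        # Plausibility check the client cannot bypass by editing its own code
        if math.hypot(x - session.x, y - session.y) > MAX_STEP:
            return "move exceeds maximum step"
    return None


def apply(session, msg):
    """Advance the session; only called for messages validate() accepted."""
    session.seq = msg["seq"]
    session.state = NEXT_STATE[msg["type"]]
    if msg["type"] == "MOVE":
        session.x, session.y = msg["x"], msg["y"]


def process(messages):
    """Run a message stream through the checks and return a list of
    (seq, 'accepted' | reason). Rejected messages are dropped without
    touching the session, so a forged message cannot move it forward."""
    session = Session()
    decisions = []
    for msg in messages:
        reason = validate(session, msg)
        if reason is None:
            apply(session, msg)
            decisions.append((msg["seq"], "accepted"))
        else:
            decisions.append((msg.get("seq"), reason))
    return decisions


# Constructed sample stream: a well-behaved client, followed by messages a
# modified client might emit (teleport, replay, wrong field type, post-BYE move).
SAMPLE = [
    {"type": "HELLO", "seq": 1},
    {"type": "MOVE", "seq": 2, "x": 3.0, "y": 4.0},     # exactly MAX_STEP away
    {"type": "MOVE", "seq": 3, "x": 300.0, "y": 4.0},   # teleport
    {"type": "MOVE", "seq": 2, "x": 3.0, "y": 4.0},     # replay of seq 2
    {"type": "MOVE", "seq": 3, "x": "3", "y": 4.0},     # string where number expected
    {"type": "BYE", "seq": 3},
    {"type": "MOVE", "seq": 4, "x": 1.0, "y": 1.0},     # MOVE after BYE
]

if __name__ == "__main__":
    for decision in process(SAMPLE):
        print(decision)
```

Run it directly to see the decision for each message in the constructed stream. This is the easy case Pierre describes, a single explicit protocol with a small state machine; when the client is a whole application, or a dynamically loaded component, the checks have to follow the application's own semantics, which is exactly the per-application development and performance cost he raises.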