Re: [SC-L] Intel turning to hardware for rootkit detection

Smashguard, if I recall correctly, offers approximately the protection of existing compiler methods, but with the added fun of requiring modified (non-existent) hardware. The referenced hardware in the IEEE article and the intel.com pages appears to be some descendant of Palladium; it is a hardwar

RE: [SC-L] Intel turning to hardware for rootkit detection

Isn't Smashguard the same technology (in software) added to the latest Microsoft .NET compiler and run time?   While protecting against one method of hijacking a system (altering the function return address) - it really doesn't protect from inserting your own code into a stream and then using

Re: [SC-L] Intel turning to hardware for rootkit detection

At 1:33 AM -0800 12/14/05, Crispin Cowan wrote: > Smashguard, if I recall correctly, offers approximately the protection > of existing compiler methods, but with the added fun of requiring > modified (non-existent) hardware. > > The referenced hardware in the IEEE article and the intel.com pages >

RE: [SC-L] Intel turning to hardware for rootkit detection

No, that's a copy of stackguard. The real problem with all of these approaches is that they don't fix the root problem. Finding and removing buffer overflow conditions with a static analysis tool is far superior. gem -Original Message- From: Michael S Hines [mailto:[EMAIL PROTECTED

RE: [SC-L] Intel turning to hardware for rootkit detection

At 9:14 AM -0500 12/14/05, Gary McGraw wrote: > No, that's a copy of stackguard. The real problem with all of these > approaches is that they don't fix the root problem. Finding and removing > buffer overflow conditions with a static analysis tool is far superior. But still better is using a pro

RE: [SC-L] Intel turning to hardware for rootkit detection

Ah yes. Type safety to all, and to all a good night. gem -Original Message- From: ljknews [mailto:[EMAIL PROTECTED] Sent: Wed Dec 14 11:36:20 2005 To: Secure Coding Mailing List Subject:RE: [SC-L] Intel turning to hardware for rootkit detection At 9:14 AM -0500 12/14/05

RE: [SC-L] Intel turning to hardware for rootkit detection

On Wed, 14 Dec 2005, ljknews wrote: > At 9:14 AM -0500 12/14/05, Gary McGraw wrote: > > No, that's a copy of stackguard. The real problem with all of these > > approaches is that they don't fix the root problem. Finding and removing > > buffer overflow conditions with a static analysis tool is

[SC-L] Countering Trusting Trust through Diverse Double-Compiling

Everyone here should be familiar with Ken Thompson's famous "Reflections on Trusting Trust." If not, see: http://www.acm.org/classics/sep95/ The "trusting trust" attack subverts the compiler binary; if the attacker succeeds, you're doomed. Well, til now. I've written a paper on an approach to co

Re: [SC-L] Countering Trusting Trust through Diverse Double-Compiling

On Wednesday 14 December 2005 16:40, David A. Wheeler wrote: > I've written a paper on an approach to counter this attack. See: > "Countering Trusting Trust through Diverse Double-Compiling" > http://www.acsa-admin.org/2005/abstracts/47.html Thanks for sharing it here, David. > Here's the abs