Hello all,
I do not agree with Mike's point of view. Of course the unique way to cheat a
system is to understand how it is working, and to abuse it. But the main
difference is that you can hardly talk about protocol in the case of
applications: if you have a given protocol, you 'just' need to
Doesn't an execution sandbox serve similar funtions to a firewall, but at
the host level? Can't even more control be added to a sandbox than can be
set on a firewall?
Second, doesn't a host based firewall (even on desktops) provide the
security you are talking about (providing they work propery
Hi Michael,
I think thinking about firewalls and protocol analysis is missing the point
almost entirely. Remember, the subverted client is behaving itself from the
perspective of the server. It's just doing normal game client things...only in
the case of a bot it is being driven by outside
Greetings SC-Lers,
Here's a great success story regarding Mozilla's new open source
fuzzer that they just released during the blackhat conference:
http://www.informationweek.com/story/showArticle.jhtml?
articleID=201800584cid=RSSfeed_IWK_News
Kudos to the Opera team!
Cheers,
Ken
-
What are folks' experiences with software security training for
developers? By this, I'm referring to teaching developers how to write
secure code. Ex. things like how to actually code input validation
routines, what evil functions and libraries to avoid, how to handle
exceptions without
On 8/17/07, Gary McGraw [EMAIL PROTECTED] wrote:
Hi,
The point here is NOT to pull a person-in-the-middle attack against the
protocol, but rather to subvert the client completely and have the subverted
client do all of your talking for you. The most advanced (game)bot
techniques that we