@kees_cook Yeah because blindly trying exploits wouldn't raise alarms otherwise... I'm puzzled
@lazytyped well, if a fixed kernel was silent about those probes, it could have value. I'm kind of on the fence, though.
@kees_cook If it's a custom kernel you still have plenty of ways to gather information (date, version, changes gone in about the same time)
@lazytyped yeah, vs distro kernels: less useful. vs custom kernels with unknown backport history: more useful. still on fence.
@kees_cook fair enough (still IMHO enough info gathering is doable). But what is the ratio custom stuff/distro kernel out there? :)
@lazytyped no actual clue, but I suspect CDNs outnumber everything else
@kees_cook CDNs == ? (Sorry lack of English and acronyms on my side)
@lazytyped Content Delivery Networks (e.g. Akamai, Amazon, etc) http://en.wikipedia.org/wiki/Content_delivery_network …
New conversation
@kees_cook Step 1) Run exploit Step 2) Disable logging Step 3) Skip straight to profit ????
@InsanityBit step 0: "find exploit" is in theory the noisy part. doesn't help with attackers that do research on their target first.
@kees_cook Basic post exploitation 'research' would fix that. Plus, they just have to run all attacks faster than you log. Right?
@InsanityBit it might help with forensics of the attack or the attribution if logging is over the network.
@kees_cook Just seems very easy to work around as an attacker. Either heuristically detect kernel version first, or beat the log race.