BTW, just to clear it up, I'm not trying to make this out to be an attack on LKRG specifically, I only mention it because it was brought up and because I could quickly look at some things in it (I like to know what I'm talking about before I comment ;)).
You keep trying to associate your blacklist with real security boundaries. I don't blame you, I would do the same, "Look, all medicine has limitations, we all agree on that. Antibiotics and homeopathy are not mutually exclusive, I'm just saying we can use both."
-
-
It's frustrating, because while I'm happy to discuss the problems with blacklisting, I don't want to keep explaining why it's not in the same class as ASLR, DEP and fixing vulnerabilities in security boundaries.
-
Here is a question for you, I think the market value of a kernel memory corruption is quite high. Conversely, I think the market value of the name of a struct or whatever you can corrupt with an arbitrary r0 rw is zero, how do you explain that disparity?
- 17 more replies
New conversation -
-
-
Not that at all. I'm making no statement at all regarding security boundaries. Your stated position is that all detection-based efforts are about as useful as homeopathy; i.e. have no impact or usefulness whatsoever. I feel that position might be a tad disingenuous;
-
in that the detection industry has some success w.r.t. identifying actual breaches. Sure there's stuff that slips through (determined, targetted attacks) and it's a bit of an opportunisitc cat&mouse but it's more analogous to 'anitbiotics' than 'homeopathy'
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
