Update
Saturday, 16. August 2008, 11:34:28
Wow, I haven't written a post in a long time. I've moved to Switzerland since my last post, still working on the same team. I was originally planning to move to California, but Zurich became an option at some point and meant I didn't have to wrestle with the US immigration system, so this worked out perfectly :-)
I have some saved posts near completion on debugging that I had completely forgotten about; I'll post these soon (or maybe I should move to Blogger now, I'll try it out).
Some security news: I'm not usually involved with Windows security, but recently did some experimentation with a few tools I've developed or contributed to at work, and tried making them apply to Windows software. I actually found several serious vulnerabilities in Internet Explorer using this method, and the first one was just recently released here (more to come):
http://www.microsoft.com/technet/security/Bulletin/MS08-045.mspx
What has surprised me is that nobody has asked me for any details on the issue I reported. Microsoft didn't give away many details (certainly not enough for an IDS sig), and I haven't released any advisory, so I would have expected that one of the big IDS vendors, whose entire business model is getting these signatures before vulnerabilities are exploited, would want to email me before someone bindiffs the patch, but that hasn't happened (even though I would be more than happy to discuss the vulnerability with anyone who cared).
(Not that IDS offer any real protection or represent real security, of course they undoubtedly reduce overall security by dramatically increasing attack surface, but they do seem to be big business)

Anonymous # 16. August 2008, 14:15
Maybe they've already seen the t-shirts. ;)
I wonder if Microsoft provides IDS vendors with more detailed descriptions of vulns.
Anonymous # 3. September 2008, 00:54
I would be inclined to suggest that the big players in the IPS world have enough talented people that they can reverse the patch themselves (not officially of course :)