On Sun, 11 Mar 2007, Jan Wrobel wrote:
On Fri, 9 Mar 2007, Bob Beck wrote:
* Jex <hewhohuntscats@gmail.com> [2007-03-09 13:27]:
...
rules similar to Snort ones to describe browser based attack
attempts.
All incoming HTTP and HTTPS traffic is scanned with these
rules. HTTPS and compressed responses are scanned after
decryption/decompression.
So the next snort style overflow/format string/etc bug from all that
string bashing code going on in the ids can now let the attacker
compromise a process with access to my https stream decrypted -
probably on an already convieniently open descriptor. Yeah. Baby.
"Web Browers are Bloated Fscking Monsters that are full of bugs"
"Lets add more code to look for people exploiting the bugs - of
course this code won't have bugs.."
Isn't it the case with every software created to add some protection
to you computer? Firewalls, antiviruses, IDSes etc. are all adding
code to your operating system that may, in the future, be found
vulnerable to some attack. It is just the question whether protection
they provide compensates additional threat they may introduce.
Guys, I agree. The guy created something very cool. Use it if you like,
otherwise, now that we understand the risks, let's move on.
I am not hoping to stop the general useless chatter (and I find it useful
for community development), I am hoping to thank the guy and make him feel
good about what he created.
Thank you for creating this.
Jan Wrobel
Gadi.
--
"beepbeep it, i leave work, stop reading sec lists and im still hearing
gadi"
- HD Moore to Gadi Evron on IM, on Gadi's interview on npr, March 2007.
