Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Obfuscated web pages

from [Mike Barkett] Network Security [Permanent Link]
Subject: RE: Obfuscated web pages
Date: Fri, 29 Feb 2008 17:28:36 -0500 

Well, my friend, I guess we will have to agree to disagree and leave it at
that for now.  As you said, the topic is tiresome now that our respective
opinions are already on the table, and surely time will tell.

The only part I feel compelled to respond to is the sentence below in which
you wryly call out my method of argumentation.  To reiterate, I answered two
separate questions differently: the original thread query (re: DOM
inspection) in the hypothetical future tense, using past experiences as
support for an opinion; and an ancillary question (re: sandboxed signatures)
in the literal present, using current facts as support.  No mixing of
abstraction necessary.


Hopefully the thoughts expressed in this thread will inspire one of the many
college students on this list to take up the challenge, and try to
demonstrate whether or not inline JS inspection can be made to be somewhat
useful.  If anyone does decide to try to implement it with N-code or any
other language, then let me know and I'd be happy to lend some ideas to the
cause.


Thanks.
-MAB

--
Michael A Barkett, CISSP
IPS Security Engineering Director
Check Point Software Technologies
+1.240.632.9000 Fax: +1.240.747.3512



-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Ivan Arce
Sent: Thursday, February 28, 2008 8:14 PM
To: Mike Barkett; focus-ids@securityfocus.com
Subject: Re: Obfuscated web pages

...

generally not the tone of this list, and I doubt either of us has the

time.

In my opinion, it would be a mistake to flout the continued maturation

of

analysis technology, much as was done by the many people who a decade

ago

thought that IPS was infeasible.  Ptacek and Newsham's paper was

seminal,

and defense against those principles is a must-have in the IPS world

today,

but let's not forget that 10 years ago many were citing that paper as a
harbinger of doom for IDS, not to mention IPS.  Yet, within a couple

years,

the better IDS products had accounted for all the methods.


You seem to mix different layers of abstraction in the manner that best
serves to support your opinion, which is completely fair game but not
necessarily accurate.



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Next by Date:  Re: Obfuscated web pages, Stefano Zanero
Next by Thread:  Re: Obfuscated web pages, Stefano Zanero
Indexes:  [Date] [Thread] [Top] [All Lists]