Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] Xfree86 video buffering?

from [Stan Bubrouski] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] Xfree86 video buffering?
Date: Fri, 25 Feb 2005 13:10:17 -0500 
bkfsec wrote:

Stan Bubrouski wrote:

That seems like a pretty unhelpful solution. Say the system crashes? Or KDE or
X crash? The same problem will still exist.

With this solution someone could intentionally crash your machine to avoid those
routines from running. I'm not trying to put you down or anything, in fact I probably
know less about video related stuff than most on the list, this just doesn't seem like
the best way to do it. I have no better suggestions, I'll leave this one to
the experts.

You'd think that if someone could force a timed crash on the machine intended to save a small amount of data to buffers on the video card, that you'd probably have many more problems on your hands than that.

Fair enough but I wasn't really suggesting it, more just pointing out that if X died the buffers still wouldn't be flushed if
that is indeed the problem.

Not to mention that when a machine crashes, most people don't just walk away and say "oh well". They usually restart the machine to either continue what they were doing, or to make sure that it starts up properly. We're not really talking about remote information disclosure, we're talking about someone being right at the terminal.

Much of the internet is made up of unattended machines...

My thought on that is that the only way that a crash would work for this is if the person were looking over your shoulder. At that point, why would they need to crash the system?

I simply used a lame example to illustrate a point. Think of computer labs and offices.
If my lab machine crashes I move to another... and someone else may sit down and see what I was just doing.

Plus if you work in an office and crash someone's machine while they are away from it you can still start it up
and watch the screen before GDM or whatever kick in. Really though like I said I really just wanted to
point out that X not shutting down properly bypasses the proposed solution, thats all.

Likewise, not trying to put you down... just pointing out my observations.

Ditto :-D

-sb

            -Barry




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] Xfree86 video buffering?, KF (lists)
Next by Date:  [Full-Disclosure] Re: Xfree86 video buffering?, Riad S. Wahby
Previous by Thread:  Re: [Full-Disclosure] Xfree86 video buffering?, bkfsec
Next by Thread:  [Full-Disclosure] Re: Xfree86 video buffering?, Riad S. Wahby
Indexes:  [Date] [Thread] [Top] [All Lists]