Re: malicious code
From: lists@notatla.demon.co.uk
Date: 01/28/03
- Previous message: Ed Carp: "safe strcpy()?"
- Maybe in reply to: Jeff Williams: "malicious code"
- Next in thread: Jason Coombs: "RE: malicious code"
- Reply: Jason Coombs: "RE: malicious code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: jsquared@erols.com, secprog@securityfocus.com Date: Tue, 28 Jan 2003 07:20:10 +0000 (GMT) From: lists@notatla.demon.co.uk
From: "Jeff Williams" <jsquared@erols.com>
> I'm not looking for technology. It is going to be a very long time before
> software can even find unintentional security errors. I was hoping that
> someone had done some research on how human code review can find malicious
> logic. Is the problem exactly the same as searching for inadvertent
> security flaws, or are there specialized techniques for searching out
> malicious logic.
ISTR one malicious logic of recent years (TCP wrapper trojan, 1999 ?) had
different behaviour according to the source port of the connection.
Calling crypt(3) and comparing the result to a stored string might be
another indicator.
Features such as starting a shell (or anything else) in a program you know
shouldn't do that would be another. That's one of the things you can
prevent with technology (such as SubDomain).
I agree that anything approaching comprehensive detection is hopeless.
- Next message: Crispin Cowan: "Re: safe strcpy()?"
- Previous message: Ed Carp: "safe strcpy()?"
- Maybe in reply to: Jeff Williams: "malicious code"
- Next in thread: Jason Coombs: "RE: malicious code"
- Reply: Jason Coombs: "RE: malicious code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
