[Full-disclosure] RE: when will AV vendors fix this???
Paul Schmehl
pauls at utdallas.edu
Mon Aug 14 21:23:44 BST 2006
Dmitry Yu. Bolkhovityanov wrote:
>
> Any type of data/file hiding (of course, alternate data streams in
> the first place) can become the last brick required for some new attack
> vector.
>
> So, while currently I can't present any workable scenario, I
> wouldn't consider such type of data hiding as "not a security-related
> problem".
>
*Of course* it's a "security-related" problem. The solution to that
problem is what is being discussed.

When data is at rest, it presents no threat to the OS (AFAIK). It's
just electrons aligned in a certain, specific way on media. It's only
when data enters memory and becomes part of the stream that the
processor(s) have to act upon that the threat becomes "real". For data
to enter memory it must be accessed in some way. If that access process
is being monitored and *if* the exploit is known, it will be detected
and whatever action is specified by the protective software will be taken.

To put it another way, what risk do bombs stored in a concrete bunker
present? None, unless they are accessed somehow. If proper monitoring
is in place, that will never happen without being detected and prevented.
--
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
Full-Disclosure is hosted and sponsored by Secunia.