[Full-disclosure] RE: when will AV vendors fix this???
pauls at utdallas.edu
Mon Aug 14 21:23:44 BST 2006
Dmitry Yu. Bolkhovityanov wrote:
> Any type of data/file hiding (of course, alternate data streams in
> the first place) can become the last brick required for some new attack
> So, while currently I can't present any workable scenario, I
> wouldn't consider such type of data hiding as "not a security-relate
*Of course* it's a "security-related" problem. The solution to that
problem is what is being discussed.
When data is at rest, it presents no threat to the OS (AFAIK). It's
just electrons aligned in a certain, specific way on media. It's only
when data enters memory and becomes part of the stream that the
processor(s) have to act upon that the threat becomes "real". For data
to enter memory it must be accessed in some way. If that access process
is being monitored and *if* the exploit is known, it will be detected
and whatever action is specified by the protective software will be taken.
To put it another way, what risk do bombs stored in a concrete bunker
present? None, unless they are accessed somehow. If proper monitoring
is in place, that will never happen without being detected and prevented.
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5268 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060814/6d420237/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.