
Re: How are hackers breaking Tor and trojan users?



On Tue, Jun 10, 2008 at 9:10 PM, Arrakis <arrakistor@xxxxxxxxx> wrote:
> ... you can stop the effects of 0-days altogether.
>
> ... janusvm or xb machine ... implementation removes the
> attack landscape for 0-day attacks.

this is a pretty strong statement and unsupported for any more complex
attack against a host.  to claim immunity from 0day is to ignore the
(less likely) use of multiple exploits against a virtual machine
environment for escalation of compromise of the guest up to full
control of the host. [0] [1] [2] [3] [4] [5] [6] [7] [8]

that is not to downplay the benefits of a vm model with isolated
network stack; this provides a clear improvement in terms of defense
in depth and reducing attack surface available to attackers (to use
against you).

unfortunately, without fundamental and sweeping changes in the way
software is designed, implemented and used, the 0day is here to stay,
no matter who you are...

best regards,

NOTE: i'm picking on vmware to prove a point (and because they're such
an easy target!) but the lesson applies to all virtual machines or
hypervisor implementations crafted by human brains...

0. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2100
1. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2099
2. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0967
3. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0948
4. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888
5. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553
6. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
7. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5671
8. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4459
[ ... no need to continue beating this dead horse ... ]