* Posts by trusttone

2 publicly visible posts • joined 29 Aug 2009

'Independent' gov law reviewer wants users preemptively identified before they're 'allowed' to use encryption

trusttone

Re: What?

Think DH key exchange on TLS (ECDHE is too advanced). Once the identities of both parties are verified, the DH key exchange is done (simplifying TLS). If one of the identities is unknown, DH is not performed and data is sent in the clear. One can have TLS auth without encryption.

The problem is one can run DH variations on top of it and still get encrypted communications.

Snow Leopard security - The good, the bad and the missing

trusttone

ASLR offers protection from vulnerabilities that have not been fixed and even not been published yet

I agree that full ASLR deployment would be better but the real advantage of ASLR comes into play when one has insecure code. Tilo Muller states in "ASLR Smack & Laugh Reference":

"ASLR is not a replacement for insecure code, but it can offer protection from vulnerabilities that have not been fixed and even not been published yet."

By insecure code one obviously means not just a piece of code but the entire design of the system. There are fundamental differences between the way Windows systems are built using heavily interlinked parts vs the OSX system. Hence code vulnerabilities lead to fewer exploits. OSX still has issues but they are not as systemic as on the WinX systems where you do want to randomize since there are already so many entry points.

Also, on 32-bit address architectures, address space randomizations are fairly ineffective.

From the paper "On the effectiveness of address-space randomization":

http://portal.acm.org/citation.cfm?id=1030124&dl=ACM&coll=

"The resulting exploit is as effective as the original exploit, although it takes a little longer to compromise a target machine: on average 216 seconds to compromise Apache running on a Linux PaX ASLR system. The attack does not require running code on the stack."

Essentially, there aren't enough bits to do an effective and thorough randomization on 32-bit machines.

I think 64-bit systems are up next ...
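An added example, not part of trusttone's post: one way to check how many address bits actually change between process launches on a given machine, and what that count implies for the "not enough bits" argument above. It assumes a POSIX system where `ctypes.CDLL(None)` exposes libc; the function names are illustrative.

```python
import subprocess
import sys

# Child process body: report where libc's printf is mapped in a fresh process.
# Assumption: POSIX, so ctypes.CDLL(None) resolves symbols from libc.
CHILD = (
    "import ctypes\n"
    "libc = ctypes.CDLL(None)\n"
    "print(ctypes.cast(libc.printf, ctypes.c_void_p).value)\n"
)

def sample_addresses(runs=32):
    """Start `runs` fresh interpreters and collect the printf address of each."""
    addrs = []
    for _ in range(runs):
        out = subprocess.run([sys.executable, "-c", CHILD],
                             capture_output=True, text=True, check=True).stdout
        addrs.append(int(out.strip()))
    return addrs

def varying_mask(addresses):
    """Mask of bit positions that differ between any sample and the first."""
    mask = 0
    for addr in addresses[1:]:
        mask |= addr ^ addresses[0]
    return mask

def observed_bits(addresses):
    """Bit positions seen to change: a lower bound, more runs can only raise it."""
    return bin(varying_mask(addresses)).count("1")

def average_guesses(bits):
    """Mean guesses to find one of 2**bits equally likely layouts, assuming the
    layout stays fixed between guesses (no re-randomisation on restart)."""
    return (2 ** bits + 1) / 2

if __name__ == "__main__":
    addrs = sample_addresses()
    bits = observed_bits(addrs)
    print(f"library mapping: mask={varying_mask(addrs):#x}, "
          f"at least {bits} bits vary, "
          f"average guesses at that width ~{average_guesses(bits):.0f}")
```

A mask of zero means the library landed at the same address in every run, i.e. no randomisation was observed for that mapping.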