| |||||||||||||
Still more nonsense...Still more nonsense...Posted Nov 20, 2011 9:09 UTC (Sun) by khim (subscriber, #9252)In reply to: This is partially true... by Cyberax Parent article: Interview with Andrew Tanenbaum (LinuxFr.org)
So how come memory protection can't protect us from flaws in JVM/CLR/Flash? Because they don't use it? They foolishly believed your tales (that managed code can save us all) and thus neglected compartmentalization via MMU. When browser developers stopped believing this tale and started using memory protection.... well, Chrome is left standing for last 3 years in pwn2own and Firefox was unbroken after it did similar switch. Sure, memory protection is not perfect, I'm pretty sure eventually Chrome will be broken (contestants could have used recent Windows UDP vulnerability to break any Windows system, after all), but so far it works much, much better then "formally proved" managed code approach. I will repeat again: >As the saying goes: memory protection is the worst form of security... except all the others that have been tried. Memory protection is not perfect. In fact it's awful in many respects. It's just better then anything else out there - and that's it. And yet we've had a resurgence of graphics accelerators once it became clear that CPUs are not up to speed with graphics. They were never lost. We have systems without graphics accelerator today and we always had systems with graphics accelerator for the last 30 years. It was just matter of choice: Nintendo happily sold systems with sprite acceleration in a time when Apple decided to ditch it. And PC kept it when NEXTStep thrown away it's own acceleration when it was ported to Mac to become MacOS X. Not at all like LISP or Java machines which were produced for a few years in small quantities, never reached mainstream and then were lost and forgotten. Just imagine - a new worm starts infecting routers making them slam the network with continuous scans at full speed. In minutes you can get millions of routers infected. Such a scenario is unlikely, but is certainly possible. Especially since routers' hardware is slowly converging to just several platforms. Cui prodest? You had the ability to do something similar for years using Windows computers (it certainly have similar number of vulnerabilities to what you have in routers - and it's the same image on hundred of millions systems) - yet nothing happened. The same is true for routers (as I've said you don't even need to search for vulnerabilities). Such attacks must be organized by someone - and it's not easy to organize such a "perfect storm" attack. Unless carefully orchestrated it'll clog the pipes from the region where it will be started and people from outside will be able to contain the problem. If you can not explain why this attack is more likely in two years it's just fairy tale. Please don't talk about rise in cyberhostility: it's true that people are inventing more sophisticated things and money involved in this part of the underworld is quite significant, but all these changes are pointing to more stealthy attacks, not more flashy ones. Parasite is not interested in killing the host!
(Log in to post comments)
Still more nonsense... Posted Nov 21, 2011 4:30 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]
Oh, Chrome has been broken multiple times.
http://www.zdnet.com/blog/hardware/google-chrome-pwned-on... - this is a complete pwnage.
'Page local' exploits are even more numerous.
So your best case shows that MEMORY PROTECTION WITH UNMANAGED LANGUAGES IS NOT SECURE and can not be made so with any rational amount of investment. There are literally no large enough unmanaged systems without buffer exploit vulnerabilities.
Define large enough... Posted Nov 21, 2011 7:34 UTC (Mon) by khim (subscriber, #9252) [Link] There are literally no large enough unmanaged systems without buffer exploit vulnerabilities. And the same is true for managed systems. But security is not binary. Number of successful exploits against JVM and .NET dwarfs the number of successful exploits against memory-managed systems. So your best case shows that MEMORY PROTECTION WITH UNMANAGED LANGUAGES IS NOT SECURE No, my best case shows that you can make it secure enough that break-ins will make the news. JVM and .NET-based break-ins are just accepted as "fact of life", even if they make the news they are reported as "oh, well, yet another vulnerability is found and fixed in XXX product". Often they don't make the news at all. If your idea of improving security is to replace poorly behaving system with utterly broken system then I'm glad you are not working here.
Define large enough... Posted Nov 21, 2011 7:49 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]
Yup. Most (note this!) current implementations of VMs are written in unreliable unmanaged languages so they are not secure. And I wouldn't expect them to be.
To have a secure system you need your hardware to enforce safety. That can be done with the help of architectures with TAL (Typed Assembly Languages) which Azul system essentially is.
In this way you can build the system using safe languages from ground up. And small unsafe parts can be audited to hell and back.
Ah, that again... Posted Nov 21, 2011 8:21 UTC (Mon) by khim (subscriber, #9252) [Link] To have a secure system you need your hardware to enforce safety. That can be done with the help of architectures with TAL (Typed Assembly Languages) which Azul system essentially is. Well, Azul hardware systems will be interesting exhibits in Computer History Museum (next to Intel iAPX 432 and LISP machines), I'll grant you that, but I fail to see how these museum pieces are relevant to the discussion.
Still more nonsense... Posted Dec 5, 2011 19:07 UTC (Mon) by cmccabe (guest, #60281) [Link]
It looks like that bug was not a Chrome bug, but an Adobe Flash bug.
See http://www.reddit.com/r/netsec/comments/h9vax/is_the_vupe...
> "As usual, security journalists don't bother to fact check. VUPEN
|
|||||||||||||