[10841] in bugtraq
Re: IIS Remote Exploit (injection code)
daemon@ATHENA.MIT.EDU (Dug Song)
Wed Jun 16 17:05:49 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSO.4.10.9906161615090.26447-100000@funky.monkey.org>
Date: Wed, 16 Jun 1999 16:40:25 -0400
Reply-To: Dug Song <dugsong@MONKEY.ORG>
From: Dug Song <dugsong@MONKEY.ORG>
X-To: Ethan Benatan <ethan+@PITT.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199906161909.TAA27466@antimony.cs.pitt.edu>
On Wed, 16 Jun 1999, Ethan Benatan wrote:
> Very true, and this is a terrifically important message to get out...
> Diversity makes for resilience, and vice versa.
see stephanie forrest's work on computer immunology:
http://www.cs.unm.edu/~immsec/
and to a lesser extent, random "canary" values in StackGuard:
http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
and the introduction of randomness to defeat race attacks, predictable
sequence number attacks, etc. in OpenBSD:
http://www.openbsd.org/crypto.html
-d.
---
http://www.monkey.org/~dugsong/
