useless security solutions

[MS_Security]

i was searching for information on biologically inspired response to unknown vulnerabilities and i thought that if the system could extrapolate the full scope of poly/metamorphism available to the vulnerabilities that i could cut down on the overhead of discovering each at time of occurrence. this lead me to a paper on the davis malcode analyzer (dacoda) and that in turn lead me to this paper:

http://wwwcsif.cs.ucdavis.edu/~crandall/wuformat.txt

it is an old exploit. far too old to be useful except to teach some interesting lessons. the exploit works against wu-ftpd 2.6. more importantly it works against a chrooted/jailed wu-ftp 2.6 that also is protected by stackguard and random library addresses and non-executable pages. the attack is remote and does not even require the attack to have the right to upload content.

i hope this may help teach those who wish to learn about the importance of understanding security requirements deeply enough to know if your security solution actually meets those requirements or if it is just considered standard.

[thehorse13]

was searching for information on biologically inspired response to unknown vulnerabilities

There is only one way to do this. Behave like the human body. I allow everything known good and kill/deny everything else.

Several computer scientists/researchers have made working models of this and IIRC, Marcus Ranum was working on this a while back as well.

--TH13

[MS_Security]

positive security models can be ideal (i just posted about this on the php security tutorial) but are not always applicable nor will they protect from all attack types.

also remember two things the bodys approach is not perfect (ebola) and intrusion prevention is only the first generation of computer security.

[thehorse13]

Agreed.

This lends to why there are no commercial products, in my opinion, that implement this with enough effectiveness.

--TH13