-
Vulnerabilities and hype
Take some vulnerabilities, don’t investigate the conditions which are needed to exploit them, and you got a good old fashioned security hype. The gist of it: there are some flaws in the ActiveX controls VMWare installs. The possible attack scenario for these vulnerabilities looks like this: The user has VMWare (or VMWare Disk Mounter for…
-
What virtualization can and cannot do in an anti-malware context
Over at the anti-virus rant blog (which is a nice blog because it includes the word rant in the title :)) Kurt Wismer states that virtualization is overhyped as a security technology. While I agree, I want to point out that following some simple rules, it can be a very powerful security which can easily…
-
Hack the Gibson – Episode #59
Read the reason for these posts. Read Steve Gibson’s response. Finally, I’m getting in synch with the released episodes. This one is relatively error-free, I have only just a few comments to make: buffer overrun doesn’t always mean that the buffer is on the stack, it can be in the heap also. Hardware DEP prevents…