July 22, 2005 - Insecure Countermeasures
by Jeff Moss
Some of the latest “solutions” to common security problems are proving to hurt as much as they help, if you blindly trust them. The consequences of this blind trust are the focus of this BlackPage. In this issue, we take a look at two countermeasures that could work against you. David Maynor shares his findings on the ineffectiveness of a highly regarded buffer overflow solution implemented in the latest “secure” CPUs. Alex Wheeler, Mr. Anti-Anti-Anti Virus, focuses on the world’s largest mandated security countermeasure, revealing that an A/V client could be your biggest hole.
Insecurity Inside
by David Maynor posted July 22, 2005
Buffer overflow protection has always interested me, and when I first discovered NX I was worried it could signal the end of the security community. After spending several weeks tearing it apart I discovered I had nothing to fear. At first the only attacks I could get to work were the standard lame return-to-libc attacks everyone has done. Actually, before that I had to figure out exactly what was being protected and when. This became quite confusing with opt-in and opt-out policies and things like PAE to consider. Even with chaining several return-to-libc calls together I was still getting no help with the heap. After learning that on Windows the exceptions generated by NX were handled by the exception handler chain, I knew an evasion solution could not be far off.
Much like generic API hookers, the first downfall came in the form of bad coverage of code. Once this was discovered, NX protection suddenly morphed into Swiss cheese and I was able to get many different types of heap attacks working. After spending most of the time on Windows, I found that the Linux implementation had several of the same systemic problems, but they were often harder to exploit because of other security technologies bundled in. The Linux portion of my speech focuses on NX and not things like libc randomization.
ANTI-Up
by Alex Wheeler posted July 22, 2005
We think antivirus companies have a hard job keeping computers safe from hackers. Internet hackers are sneaky and it is generally good to keep them away. Most of us have antivirus software installed on our systems to help keep hackers out.
However, current research has shown antivirus (1, 2, 3, 4) is also vulnerable to internet hackers. Doh! At first this may be frustrating to discover hackers can exploit the very thing supposedly protecting you. Not cool. Talk about an “INTERNET HACKING ALERT”, right?! Settle down there partner ;-)
We have invented a new form of protection to keep you safe: “Anti-Anti-Virus”. This revolutionary software will protect your antivirus software from internet hackers. Now you can safely surf the internet and get e-mail because your system’s antivirus is protected from hackers by “Anti-Anti-Virus”. This is pretty sweet technology and should be out of beta shortly. And for those thinking ahead: we are already in the process of architecting a new breed of software to protect “Anti-Anti-Virus” from internet hackers. After all, it’s just a matter of time… It will tentatively be called: “Anti-Anti-Anti-Virus”.
Blackmail and Bribery War Stories
Bribery and blackmail are two great ways to get what you want. This is probably why the techniques are highly regarded and often used by governments and crime rings throughout the world. If you’ve had the pleasure of meeting Bob Morris, you know the NSA has given him more than enough stories to tell. Also on today’s Black Page, Renaud Bidou will take you to the front lines of a 48-hour digital blackmail battle...
SQL Injection v. Input Validation - New Theories
While simple SQL injection techniques lead to some of the most costly attacks today, researchers are hard at work rethinking the primary defense against injection: input validation. Input validation is something that every web application must feature, but quite frankly, it’s pretty annoying to implement. Robert Hansen and Meredith Patterson join us today to explain how their academic research might hold the solution to a more convenient way to prevent injection attacks. Additionally, Michael Pomraning “crosses the gulf” from academic to practical by teaching us that we must unlearn input validation to fully understand it...
The Black Page is always looking for concise and interesting comments from researchers and experts about issues that affect the security community. Contact us to learn more about submission rules.