Linked by Thom Holwerda on Tue 8th Aug 2006 19:21 UTC
Privacy, Security, Encryption "You've probably heard of full disclosure, the security philosophy that calls for making public all details of vulnerabilities. It has been the subject of debates among researchers, vendors, and security firms. But the story that grabbed most of the headlines at the Black Hat Briefings in Las Vegas last week was based on a different type of disclosure. For lack of a better name, I'll call it faux disclosure. Here's why."
RE: All Cards, All OS
by TechGeek on Tue 8th Aug 2006 20:21 UTC in reply to "All Cards, All OS"

While it's true that the transmission is insecure, without knowing more about the exploit, we don't know how to protect against it. Will a basic firewall negate the vulnerability? Or is it a bug in the networking stack that will pass all traffic through regardless? I don't use wireless when I do anything sensitive; who cares if someone watches me surf OSNEWS. But I don't want there to be a backdoor into my system because of it.

Score: 1

RE[2]: All Cards, All OS
by butters on Tue 8th Aug 2006 23:34 in reply to "RE: All Cards, All OS"

It's my understanding the problem is not in the network stack at all; it's related to the way the driver copies data from the hardware registers into a kernel buffer, before it reaches the network stack.

This is just one of the many reasons to despise 3rd-party proprietary drivers in kernelspace. Who is liable for this stuff? The hardware vendor will claim that the vulnerability doesn't exist on platform X or that the problem could have been avoided if the OS vendor had done steps 1, 2, and 3. The OS vendor will claim that there's no way that they could have found the vulnerability in the proprietary code without reverse engineering techniques.

These companies are rushing products to market with drivers that run with elevated privileges and can cause massive losses if there's a bug--and there's little we can do to protect ourselves. Where's Ralph Nader when you really need him?

Score: 4