Well, my friend, I guess we will have to agree to disagree and leave it at that for now. As you said, the topic is tiresome now that our respective opinions are already on the table, and surely time will tell.
The only part I feel compelled to respond to is the sentence below in which you wryly call out my method of argumentation. To reiterate, I answered two separate questions differently: the original thread query (re: DOM inspection) in the hypothetical future tense, using past experiences as support for an opinion; and an ancillary question (re: sandboxed signatures) in the literal present, using current facts as support. No mixing of abstraction necessary. Hopefully the thoughts expressed in this thread will inspire one of the many college students on this list to take up the challenge, and try to demonstrate whether or not inline JS inspection can be made to be somewhat useful. If anyone does decide to try to implement it with N-code or any other language, then let me know and I'd be happy to lend some ideas to the cause. Thanks. -MAB -- Michael A Barkett, CISSP IPS Security Engineering Director Check Point Software Technologies +1.240.632.9000 Fax: +1.240.747.3512 > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Ivan Arce > Sent: Thursday, February 28, 2008 8:14 PM > To: Mike Barkett; [email protected] > Subject: Re: Obfuscated web pages ... > > generally not the tone of this list, and I doubt either of us has the > time. > > In my opinion, it would be a mistake to flout the continued maturation > of > > analysis technology, much as was done by the many people who a decade > ago > > thought that IPS was infeasible. Ptacek and Newsham's paper was > seminal, > > and defense against those principles is a must-have in the IPS world > today, > > but let's not forget that 10 years ago many were citing that paper as a > > harbinger of doom for IDS, not to mention IPS. Yet, within a couple > years, > > the better IDS products had accounted for all the methods. > > You seem to mix different layers of abstraction in the manner that best > serves to support your opinion, which is completely fair game but not > necessarily accurate. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
