Hi all, We talk about different targets and payloads in Exploiting Software. Bottom line, my opinion is that it's not that much harder. So the switch should be a wash.
gem -----Original Message----- From: der Mouse [mailto:[EMAIL PROTECTED] Sent: Fri Jan 27 15:29:59 2006 To: SC-L@securecoding.org Subject: Re: [SC-L] eWeek says "Apple's Switch to Intel Could Allow OS XExploits" > The article claims that Apple's use of Intel chips will result in > more software exploits because, "'Attackers have been focused on the > [Intel] x86 for over a decade. Macintosh will have a lot more > exposure than when it was on PowerPC,' Sounds likely. > I was hoping to find some hint of a hardware architectural feature > that the powerpc has that provided an additional means of protection, > but the article mentions none. Instead, the only reason that it > cites for the (presumed) increase in software exploits is attackers' > knowledge and experience base. I think that's probably fair. PPC is probably a little harder to work with because it's RISC, making it harder to write code without NULs (and a lot of injection mechanisms won't work if you have embedded NULs). However, it's not really very much harder, and attackers would have done it if the PPC target had been as big as the x86 target. > After all, didn't attackers also have access to powerpc systems to > build attacks on during the same timeframe that Symantec suggests? Sure, but less motivation to do so, because most of the machines out there were, and are, x86. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML [EMAIL PROTECTED] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php ---------------------------------------------------------------------------- This electronic message transmission contains information that may be confidential or privileged. The information contained herein is intended solely for the recipient and use by any other party is not authorized. If you are not the intended recipient (or otherwise authorized to receive this message by the intended recipient), any disclosure, copying, distribution or use of the contents of the information is prohibited. If you have received this electronic message transmission in error, please contact the sender by reply email and delete all copies of this message. Cigital, Inc. accepts no responsibility for any loss or damage resulting directly or indirectly from the use of this email or its contents. Thank You. ---------------------------------------------------------------------------- _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php