Re: [SC-L] eWeek says "Apple's Switch to Intel Could Allow OS X Exploits"

2006-01-30 Thread Jose Nazario
jose nazario, ph.d. [EMAIL PROTECTED] http://monkey.org/~jose/ http://infosecdaily.net/ http://www.wormblog.com/ ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List

Re: [SC-L] eWeek says "Apple's Switch to Intel Could Allow OS X Exploits"

2006-01-27 Thread Jose Nazario
p;a=1&t=txt by HD Moore in short it's not quite as straightforward as it seems, but obviously possible, and that has been one of the hindrances to people developing attacks for the chip. unfortunately, there is no shortage of bugs to exploit on most common PPC OSes (AIX, OS X mainly).

Re: [SC-L] Managing the insider threat through code obfuscation

2005-12-15 Thread Jose Nazario
discover the same things? the biggest threat internally isn't the one or two people per thousand who can and will do this, it's the much larger number of people who won't use exploit development techniques to access things they shouldn't. bytecode obfuscation does nothing to

[SC-L] Former cybersecurity czar: Code-checking tools needed

2004-12-03 Thread Jose Nazario
FYI ... http://www.computerworld.com/securitytopics/security/story/0,10801,97988,00.html By Grant Gross DECEMBER 02, 2004 IDG NEWS SERVICE WASHINGTON -- Software

[SC-L] interesting articles on secure coding

2004-11-30 Thread Jose Nazario
and maybe something interesting will pop up.

[SC-L] [paper] Model Checking One Million Lines of C Code

2004-08-20 Thread Jose Nazario
the first time that model checking is practical and useful for detecting security weaknesses at large scale in real, legacy systems.

Re: [SC-L] Education and security -- another perspective (was "ACM Queue - Content")

2004-07-08 Thread Jose Nazario
and taught.

Re: [SC-L] Education and security -- another perspective (was "ACM Queue - Content")

2004-07-08 Thread Jose Nazario
aring students for this (i.e. language choices and topic choices). enjoy.

[SC-L] opinion, ACM Queue: Buffer Overrun Madness

2004-06-08 Thread Jose Nazario
buffer overruns. These would be minor irritations but for the world's addiction to the weakly typed programming languages C and its derivative C++.

Re: [SC-L] auditing

2004-05-03 Thread Jose Nazario
means to learn model building, study the language specification (spot the ambiguities is a fun game to play) and start hacking tools. diligence, diligence, diligence.

Re: [SC-L] Re: Application Sandboxing, communication limiting, etc.

2004-03-10 Thread Jose Nazario
complain and be annoyed when they find their access suddenly fettered.

[SC-L] interesting presentation

2004-03-02 Thread Jose Nazario
from dawson engler's group: http://www.stanford.edu/~engler/softmc03-talk.pdf evaluates various checkers in various settings.