From: Dan Clemmensen (Dan@Clemmensen.ShireNet.com)
Date: Thu Nov 19 1998 - 05:41:49 MST
Eugene Leitl wrote:
>
> In fact, the longer it takes before the worm strikes, the more
> dramatic will the effects be. If the worm strikes a decade from now,
> y2k will look like an infinitesimally small beer in comparison.
>
> How can one address it? TCP/IP is too complex to be implemented in
> hardware, and protocols stacks cannot be made secure. Even if, there
> is still the application layer. Even security by obscurity (system
> diversity, which is not necessary an observable trend) won't help if
> the code is smart enough to discover exploits autonomously.
>
> Does anybody see any workaround against this? I don't.
>
One "simple" counter is to only run code that you have the source
for and that you compiled yourself. This isn't perfect, but
open-source code has a lot more eyes looking for and fixing
vulnerabilities. A more difficult counter is to modify the
hardware and/or compilers to remove certain common exploits.
This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 14:49:48 MST