heuristics problem (was: Re: Malware "best practices")

Tom Buskey tom at buskey.name
Thu Jul 27 08:57:00 EDT 2006


On 7/26/06, bmcculley at rcn.com <bmcculley at rcn.com> wrote:
>
>
> >From: Chris Brenton <cbrenton at chrisbrenton.org>
> >On Mon, 2006-07-24 at 15:03 -0400, Ben Scott wrote:
>
> I think the mainframe world is concerned with making the VMs
> robust enough to endure unintentional abuse not malicious
> intent.  Outside attackers are controlled at the perimeter,
> long before they get to the mainframe.  The VMs are used for
> keeping QA and devos isolated from production operations, and
> there are enough esoteric auditing and access control
> facilities to deter the applications developers from
> attempting system hacking.  Good practice in large shops with
> heavy iron includes separation of duties, so sys programmers
> and app programmers are in different worlds, and never the
> twain shall meet.


We're going to see more of this in the future with Xen, VMware, MS Virtual
Server and Solaris Zones.  Intel is also adding features so more can be done
in hardware rather than software.

I've been playing with VMware Server (free download) lately and it's quite
interesting what can be done.  The demos I've seen of the Enterprise version
are amazing.  It's worth going to a VMware seminar.


> >At the recent SANS conference in DC Ed Skoudis & Mike Poor of
> >IntelGuardians did a pretty cool talk on breaking out of VMs. Seems it's
> >not as hard as people might think.
> >


Most of the focus is on keeping people out, not in.  How many have
*outgoing* firewall rules?

You can set up VMs to run as an unprivileged user.  How about a VM running
inside a chroot jail?

> Sounds interesting.  Were they talking about VMs as VMware or
> did they encompass IBM mainframe os architectures as well?
> I'm very very interested in knowing that!


And Xen and ....


A few years back, there was a bug in the MacOSX/Virtual PC combo on the Mac
that could be exploited for escalation.


> Thanks!
>
> -Brucem