Ooh! Headshot! Linus Torvalds about OpenBSD Team.
WindowsSource: http://thread.gmane.org/gmane.linux.kernel/706600/
On Tue, 15 Jul 2008, Linus Torvalds wrote: > So as far as I'm concerned, "disclosing" is the fixing of the bug. It's > the "look at the source" approach. Btw, and you may not like this, since you are so focused on security, one reason I refuse to bother with the whole security circus is that I think it glorifies - and thus encourages - the wrong behavior. It makes "heroes" out of security people, as if the people who don't just fix normal bugs aren't as important. In fact, all the boring normal bugs are _way_ more important, just because there's a lot more of them. I don't think some spectacular security hole should be glorified or cared about as being any more "special" than a random spectacular crash due to bad locking. Security people are often the black-and-white kind of people that I can’t stand. I think the OpenBSD crowd is a bunch of masturbating monkeys, in that they make such a big deal about concentrating on security to the point where they pretty much admit that nothing else matters to them. To me, security is important. But it’s no less important than everything *else* that is also important! Linus
Capture memory under Win2k3 or Vista with win32dd!
WindowsActually, win32dd is the only 100% open-source tool to capture memory under Win2k3 or Vista. Even, if ManTech released a similar tool yesterday, but some part of the source code (e.g. driver source code) are missing. Then, I decide to release mine as a full open-source project under GPL3 license.
The main difference between ManTech tool and win32dd, is that win32dd is mainly a kernel mode application — then it avoids to use user-land API to write to an output file, everything is done with native functions. Thus, it means a faster dumping… This point isn’t negligible when you have one million page to dump in one single.
In ManTech tool, the driver is only used to get \Device\PhysicalMemory handle.
Download win32dd v1.0.20080615 now!
EDIT: (16th June), New version, fixed bug.
PS: You can read further information about PhysicalMemory restriction access on the Microsoft MSDN here.
BlackHat Las Vegas Briefing 2008
Windows
In November 2007, Nicolas and I presented “Enter SandMan” in Tokyo at PacSec during its development phase. You can get the materials we used for this lecture here in English and here in Japanese.
Some months later, an alpha version formally called 1.0.080226, of Sandman Framework has been released as an open source project. — you can find the current version here. Please consider, as Volatility Team has kindly reminded SandMan is a GPL3 project then don’t imitate Vendor “X” which don’t even waited a final version of SandMan to violate the GPL and then implemented a bugged version into his commercial products :).
Furthermore, in March Cedric presented and commented the SandMan proof of concept video during lightning talks at CanSecWest 2008 in Vancouver.
Anyway, at the upcoming Black Hat Vegas 2008, I’m going to give a talk entitled “Windows hibernation file for fun and profit“. This talk aims to discuss about both forensics and offensics uses through the hibernation file (hiberfil.sys) with SandMan.
For your information, Alex is also giving a talk at BH called “Of Pointers and Handles A Story of Unchecked Assumptions in the Windows Kernel”.
You can take a look at the full schedule here.
X-Files. Episode 2. *Squeeze*
Articles, Law, SandManAs said previously, it’s really easy to find proof of plagiarism when an open-source tool is released and whan this source is reimplemented into a commercial software without compliance. Andreas published a new article called The implementation by Vendor “S”. In this article, he has explained what are the differences between the implementation of XpressDecode in SandMan and the Microsoft OS Loader’s one.
X-Files. Episode 1. *Deep throat*
Articles, Forensics, LawAndreas, recently published an interesting article called “The 3 Vendors”. This article is talking about GPL rights violation against researchers who share their knowledge. And also demonstrate, how this kind of violation can be easily identified through code flowchart. It sounds like the beginning of a series…