"By observing a program's normal behavior and assigning a set of rules, ClearView detects certain types of errors, particularly those caused when an attacker injects malicious input into a program. When something goes wrong, ClearView detects the anomaly and identifies the rules that have been violated. It then comes up with several potential patches designed to force the software to follow the violated rules. (The patches are applied directly to the binary, bypassing the source code.) ClearView analyzes these possibilities to decide which are most likely to work, then installs the top candidates and tests their effectiveness. If additional rules are violated, or if a patch causes the system to crash, ClearView rejects it and tries another."
http://www.technologyreview.com/computing/23821/
thoughts from IRC:
<@rhythmx> there are tons of auto analysis tools/ideas already... they are mostly full of fail <@rhythmx> and running that tool inline seems like a bad idea... because then you just increased the potential attack surface even more
<@rhythmx> you could maybe trick it into flagging all normal requests as evil ones and DoS all the services
+++
<@neonfreon> if your vendor sucks so bad you have to get a third party binary autopatcher you have problems
<@neonfreon> even if it's doable it's really stupid
<@neonfreon> it's a non deterministic crazy ass software modifier basically doing automated QA and bug fixes on a live, production system
<@neonfreon> that's fucking retarded
<@neonfreon> nobody wants that kind of thing in their enterprise
<@neonfreon> do that in QA labs
<@neonfreon> it has to also suffer from undecidability issues somehow
<@neonfreon> halting problem type issues
<@neonfreon> detect and fault and shutdown is all anyone wants and it's whats out there already
+++
<@jazz> as far as the self-patching thing, I think it's great for the situation they described wrt radiation potentially fucking bits
<@jazz> but if they try to apply it to commercial software I'm gonna laugh my ass off
+++
<@eliteandevil> wonder if you can make manipulate it so that it patches in a backdoor
<@eliteandevil> or makes it vuln to something
<@eliteandevil> making the unexploitable exploitable
<@jazz> I'm sure there'd be a way to poison the well
<@jazz> well remember that kernel bug a while back that only became an exploit due to compiler optimization?
<@jazz> I'm sure something similar would happen with this kinda technology
____________________________________________________________________
"Much of it was still theory, but we were told that before too long it might be possible for a hacker with a computer to disable critical infrastructure in a major city and disrupt essential services, to steal millions of dollars from banks all over the world, infiltrate defense systems, extort millions from public companies, and even sabotage our weapons systems."
this article goes on to talk about possibilities of power grids being shutdown thru cyber warfare and other complete bullshit. I think they fail to realize we got along fine before the internet. Even if attackers could compromise such things as power grids, I am sure there are fail-safe methods to put them back up manually.
heres some shit daily dave thought was WTF, and i agree.
- "Some foreign power" was able to penetrate the Pentagon by leaving infected thumbnail drives where military
personnel would find them, and use them. On the plus side, NOW thumbdrives are banned.
- In 2007, "Some unknown foreign power" penetrated the Department of Defense, Department of State, Department of
Commerce, and they even think NASA, and stole terabytes worth of information. The method of attack wasn't disclosed as
far as I remember.
- Some medical database owned by the state of Virginia was stolen, rm'd, encrypted, and ransomed. Sean Henry, who was
describing it, didn't comment on whether or not the state actually paid the money, but his response seemed to imply
that they did.
60 Minutes link. Cyber Warfare.
Daily Daves rant
No comments:
Post a Comment