| FRONTPAGE | DOWNLOADS | ABOUT ME | TERMS & CONDITIONS |

SA Security Bloggers

link SensePost
link Haroon Meer
link Matt Erasmus
link Andrew Mohawk
link Junaid Loonat
link Barry Irwin
link Tom Wells
link Allen Baranov
link Jock Forrester
link IT Security Pubcast
link Telspace
link ISGAfrica
link Ralfe Poisson

Popular Entries

Articles
link Vulnerability Life Cycle - threat modelling
link Web Hacking 2.0
link Why Exploit Markets are Bad
link Ettercap-NG Workings and Defence
link The Zotob Summary

How-To's
link Linux SSH Jail with pam_chroot
link Firefox Privacy & Security Extensions

Papers
link Managing Patching, my MSc Thesis
link Risk Analysis of Monthly Patch Schedules

Tools
link Automated Vodacom SMS (VodaSMS)
link RSS 2 SMS
link DShield Hack Detection

Neologisms
link Encryption principles
link Zoolander's Law

Syndicate This Blog

SSL

Certificate fingerprints:

SHA1: 61 13 45 4B 4C F9 89 9B B7 87 C8 78 F7 38 12 CB 07 E2 60 BF
MD5 : DA 53 7B 50 E4 3A 2C 6C A1 17 53 C1 A0 5E CB 89

HTTPS version.
You can find an explanation here.

License

Creative Commons License - Some Rights Reserved
Original content in this work is licensed under a Creative Commons License

Disclaimer

This blog and its contents are in no way affiliated with, or endorsed by my employer.
Random Entry: iCommons iSummit
< OSVDB blog | Interview with Marcus Ranum >

Sunday, June 26. 2005

Reverse Engineering Microsoft Patches

Masters
OSVDB and a few other places have pointed out Havlar's new movie demonstrating his company, SABRE, and their product BinDiff, a plugin to the IDA dissasembler.

In the demonstration the MS05-025 patch is dissasembled and the vulnerability that was patched was discovered in less than 20 minutes. Reverse engineering patches isn't a new idea, I first mentioned it here last year and have even done it myself.

It does raise some interesting issues, particularly for the 'vulnerability research does more harm than good' camp, if you can reverse engineer the patch, then not releasing (most) vulnerability details will harm the administrator, as less information will be available in patch management decision making.

Are these patches really reducing the pool of available vulnerabilities or are they generating more holes than they are fixing by encouraging vulnerability research. I would argue it is mostly the former, but not always, and I don't think this topic is as dead as some people claim it is.

Then as the OSVDB blog points out, this may provide some usefull stats on which blocks of code are producing the most vulnerabilities by keeping track of which functions are being patched. This may provide some information to administrators as to which services are dodgy and information to vendors as to which blocks of code they should rewrite.

Posted by Dominic White in Masters at 13:39 | Comments (0) | Trackbacks (0)
Last modified on 2005-07-28 08:54

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
 

Quicksearch

Security Blogs

* Schneier on Security: Orange Balls as an Anti-Robbery Device

* ModSecurity Blog: WASC WHID Bi-Annual Report for 2010

* ha.ckers.org web application security lab: Bear In Woods Or Prairie Dog Ecosystem

* Tactical Web Application Security: WASC WHID Bi-Annual Report for 2010

* Schneier on Security: New German ID Card Hackable

* ha.ckers.org web application security lab: Cookie Expiration

* Liminal states: If She Ran the World She Would … (DRAFT)

* Liminal states: Women in tech startups: how each of us can help change the ratio, part 2 (DRAFT)

* terminal23: scalable desktop security scanning

* Schneier on Security: Parental Fears vs. Realities

* terminal23: symantec hack is whack is a case study

* ModSecurity Blog: Advanced Feature of the Week: Real-time Blacklist Lookups

* Schneier on Security: Consumerization and Corporate IT Security

* Sunnet Beskerming Security Advisories: PS3 Hack Spreads, Sony Update Kills It

* SEO BlackHat: Black Hat SEO Blog: Epassporte Dropped by Visa

* SecuriTeam Blogs: T2 Conference Challenges

* Billy (BK) Rios: PDF XSS (CVE-2010-0190)

* Liminal states: Links from the Arrington/TechCrunch women in tech kerfuffle

* Schneier on Security: Terrorism Entrapment

* Liminal states: Windstorms on Playa (Labor Day Weekend 2010)

(c) Dominic White 2010