Malware authors use a variety of obfuscation techniques to foil researchers and operate as covertly as possible on a user's system. To that end, some of the techniques, like frequent changes of the executable (possibly daily), are designed to obstruct basic detection techniques. Oftentimes, given a specific piece of executable code, it is not trivial to determine if the code is a piece of malware
The book "Android Security" (subtitled, roughly, "for building secure applications") has already been widely acclaimed, and I think it is a must-have for Android application developers, but precisely because the field is new there are a few places that make you scratch your head. In this entry I discuss how to generate a shared (symmetric) key, a topic from chapter 10 of the book, "Cryptographic Techniques". Introduction: chapter 10 of "Android Security" (in the industry it is known as the "Tao book", and I will call it that below) explains techniques for encrypting files stored on the device. The difficulty there is how the key is generated and stored. With smartphones, and Android devices in particular, there is always the possibility that the application is reverse-engineered and the device rooted, and no encryption survives that. Therefore the information assets to be protected and the assumed threats (in other words,
According to the Yonezawa lab's SurveyBBS, there is something called the SAFECode Project. It relates to Control-C: a safe C. Memory safety is guaranteed 100% statically. Semantic restrictions are imposed on the program, concerning dynamic memory allocation and how pointers and arrays are used. The context is embedded systems. Apparently they have developed a fully automatic region inference algorithm for C programs. Is it the LLVM people who are doing this?
The Fedora Core 2 kernel has a security-hardening patch called exec-shield built in. I checked whether it actually works on a freshly installed system. First, (1): address space randomization. This is fully in effect by default, and it makes exploits via buffer overflows and the like harder.
# cat /proc/sys/kernel/exec-shield-randomize
1
To see how it behaves, I wrote a small program to check:
$ cat > print_stack_address.cpp
#include <cstdio>
// Return the current stack pointer (i386 inline asm, as on Fedora Core 2).
unsigned long get_esp(void) {
    unsigned long esp;
    __asm__("movl %%esp, %0" : "=r"(esp));
    return esp;
}
int main(void) {
    // The excerpt ends at "int main(void) {"; the body below only prints the value.
    printf("%08lx\n", get_esp());
    return 0;
}
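As an added example (my own code, not from the post above), here is the same check against a current Linux kernel: the exec-shield sysctl exists only in the Red Hat kernels of that era, and mainline's equivalent knob is /proc/sys/kernel/randomize_va_space. The program reads that knob, takes the stack pointer portably with __builtin_frame_address instead of i386 inline asm, and, rather than eyeballing one run, execs eight fresh processes and counts how many distinct [stack] bases appear in their /proc/self/maps (fork alone would inherit the parent's layout, so each sample has to go through exec). The function names and the sample maps lines are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read a small integer sysctl from /proc; -1 if the file is unreadable. */
static int read_sysctl_int(const char *path) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    int v = -1;
    if (fscanf(f, "%d", &v) != 1) v = -1;
    fclose(f);
    return v;
}

/* Mainline successor of exec-shield-randomize:
 * 0 = off, 1 = stack/mmap/vdso randomized, 2 = heap (brk) randomized too. */
int aslr_mode(void) {
    return read_sysctl_int("/proc/sys/kernel/randomize_va_space");
}

/* Portable stand-in for the post's "movl %esp,%eax": address of the current frame. */
uintptr_t current_stack_address(void) {
    return (uintptr_t)__builtin_frame_address(0);
}

/* Start address of the [stack] mapping in a /proc/<pid>/maps dump, 0 if absent.
 * A maps line looks like "7ffd5a1f0000-7ffd5a211000 rw-p 00000000 00:00 0 [stack]". */
unsigned long long parse_stack_base(const char *maps) {
    const char *line = maps;
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[256];
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        if (strstr(buf, "[stack]"))
            return strtoull(buf, NULL, 16);   /* stops at the '-' of "start-end" */
        line = eol ? eol + 1 : NULL;
    }
    return 0;
}

/* Exec "cat /proc/self/maps" n times and count distinct stack base addresses.
 * With randomization on, every fresh exec should land the stack somewhere else. */
int count_distinct_stack_bases(int n) {
    unsigned long long seen[64];
    int distinct = 0;
    if (n > 64) n = 64;
    for (int i = 0; i < n; i++) {
        FILE *p = popen("cat /proc/self/maps", "r");
        if (!p) return -1;
        static char maps[1 << 16];
        size_t got = fread(maps, 1, sizeof maps - 1, p);
        maps[got] = '\0';
        pclose(p);
        unsigned long long base = parse_stack_base(maps);
        int dup = 0;
        for (int j = 0; j < distinct; j++)
            if (seen[j] == base) dup = 1;
        if (!dup) seen[distinct++] = base;
    }
    return distinct;
}

int main(void) {
    printf("randomize_va_space = %d\n", aslr_mode());
    printf("this process: stack frame at %#llx\n",
           (unsigned long long)current_stack_address());
    int d = count_distinct_stack_bases(8);
    printf("8 fresh processes, %d distinct stack bases -> %s\n", d,
           d > 1 ? "stack randomization active" : "NOT randomized");
    return 0;
}
```

Run it twice under `setarch -R` (ADDR_NO_RANDOMIZE) and the distinct count drops to 1 while the sysctl still reads 2, which is why the process-level sample is the check worth trusting rather than the knob alone.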
A small item. While idly browsing the blog of someone inside MS, I came across these articles: Address Space Layout Randomization in Windows Vista - Function Pointer Obfuscation http://blogs.msdn.com/michael_howard/archive/2006/05/26/608315.aspx and Protecting against Pointer Subterfuge http://blogs.msdn.com/michael_howard/archive/2006/01/30/520200.aspx. In summary, the point is that long-lived pointers (function pointers in particular) are easy to abuse, so it is better not to store them in their raw form. "Long-lived pointers" means things like the pointers to functions registered with the atexit function (and
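Added example, my own code rather than anything from the articles linked above: a minimal encoded-pointer scheme in the spirit of Windows EncodePointer/DecodePointer (glibc's PTR_MANGLE does the same job). An atexit-style handler table stores each function pointer XORed with a per-process secret and then rotated, so an attacker who gets an arbitrary write into the table but does not know the secret cannot steer the decoded call to an address of their choosing. All names here are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PTR_BITS ((unsigned)(sizeof(uintptr_t) * 8))

typedef void (*handler_fn)(void);

static uintptr_t g_secret;   /* per-process cookie; set once at startup */

/* Rotation count derived from the secret, forced into 1..PTR_BITS-1 so that no
 * shift below is by zero or by the full width (both are undefined in C). */
static unsigned rot_amount(void) { return (unsigned)(g_secret % (PTR_BITS - 1)) + 1; }
static uintptr_t rotl(uintptr_t v, unsigned r) { return (v << r) | (v >> (PTR_BITS - r)); }
static uintptr_t rotr(uintptr_t v, unsigned r) { return (v >> r) | (v << (PTR_BITS - r)); }

void set_pointer_secret(uintptr_t s) { g_secret = s; }

/* Draw the secret from /dev/urandom once per process. The fallback exists only so
 * the demo still runs without /dev/urandom; it is not a substitute for real entropy. */
uintptr_t init_pointer_secret(void) {
    uintptr_t s = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f || fread(&s, sizeof s, 1, f) != 1)
        s = (uintptr_t)&s ^ ((uintptr_t)&f << 16);
    if (f) fclose(f);
    if (s == 0) s = (uintptr_t)0x9E3779B9u;   /* never keep an all-zero secret */
    g_secret = s;
    return s;
}

/* EncodePointer/DecodePointer analogues: XOR with the secret, then rotate. */
uintptr_t encode_pointer(uintptr_t raw) { return rotl(raw ^ g_secret, rot_amount()); }
uintptr_t decode_pointer(uintptr_t enc) { return rotr(enc, rot_amount()) ^ g_secret; }

/* A tiny atexit-style registry that holds handlers only in encoded form. */
#define MAX_HANDLERS 8
static uintptr_t g_handlers[MAX_HANDLERS];
static int g_nhandlers;

int register_handler(handler_fn fn) {
    if (g_nhandlers >= MAX_HANDLERS) return -1;
    g_handlers[g_nhandlers++] = encode_pointer((uintptr_t)fn);
    return 0;
}

/* What an arbitrary-write bug hands the attacker: a raw store into the table. */
void corrupt_slot(int slot, uintptr_t raw_value) { g_handlers[slot] = raw_value; }

/* The address the slot will actually be called through. */
handler_fn resolve_slot(int slot) { return (handler_fn)decode_pointer(g_handlers[slot]); }

static int g_calls;
static void good_handler(void)    { g_calls += 1; }
static void attacker_target(void) { g_calls += 1000; }   /* stand-in for a gadget */

int main(void) {
    init_pointer_secret();
    register_handler(good_handler);
    printf("slot 0 holds %#llx, decodes to %#llx (good_handler is %#llx)\n",
           (unsigned long long)g_handlers[0],
           (unsigned long long)(uintptr_t)resolve_slot(0),
           (unsigned long long)(uintptr_t)good_handler);
    resolve_slot(0)();
    /* The attacker overwrites the slot with the plain address of their target. */
    corrupt_slot(0, (uintptr_t)attacker_target);
    handler_fn fn = resolve_slot(0);
    printf("after the overwrite the slot decodes to %#llx: %s\n",
           (unsigned long long)(uintptr_t)fn,
           fn == attacker_target ? "attacker wins"
                                 : "not the attacker's address; the call would fault instead");
    return g_calls == 1 ? 0 : 1;
}
```

The scheme buys nothing if the secret itself can be read or guessed: it has to live somewhere the attacker's primitive cannot reach, and an info leak of one encoded/decoded pair recovers it, which is why the real implementations pair this with ASLR rather than relying on it alone.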
Just last weekend it became possible to run apps that need root privileges on the IS01, and then, a mere four days later, the following was posted on 2ch's smartphone board: an entry point into kernel space had been exposed. With all due respect to goroh_kun, who got there first, it is also a little disappointing that the IS01's lock was only this strong. The developers had boasted that it was "built so that it's fine even if root is taken", and it went unbroken for five months after the IS01 went on sale, so I had assumed the defenses were iron-clad; to find such an obvious hole... (sour grapes ^^;). 【ROM焼き】au IS01 root2【とびら開く未来へ】 ... 317: goroh_kun: 2010/12/01 (Wed) 03:14:21 ID:LGLTLBmZ I've more or less found the places where an auto-start can be planted
Part 2: From Security Absolutism to Security Market-ism. 櫻庭 健年, Senior Researcher, Linux Technology Research Department, Systems Development Laboratory, Hitachi, Ltd. 2007/7/11. Because of their history, secure OSes have complicated origins. Part 1 introduced two schools, the "absolutists" and the "casuals"; this time we take the thinking and history of the security-absolutist school as a basis for considering where it came from and where it is going (editorial). The root of the security-absolutist school's thinking can be seen as the pursuit of security assurance. By tracing the history of security absolutism, this installment introduces how secure OSes came to be and where their "philosophies" collide. Security to protect what? The effort, money and means applied to security differ according to the value of what is being protected. What is the most valuable thing security should protect? Historically,
Part 1: As Many Secure OSes as There Are Philosophies. ææ ç§æ, Director of the Linux Consortium and leader of its Security Working Group. 2007/6/1. Why is an OS needed to ensure security? And although raising security is the sole goal, why have so many kinds of secure OS been born? To find the answer, this series focuses on the "philosophies" of the people behind secure OSes (editorial). * Secure OSes are covered in many media, IT media included; many readers have probably seen introductory articles on SELinux, LIDS, TOMOYO Linux and the like. There are many different things called a secure OS. The Linux Consortium Security Working Group wiki, which the author leads, introduces a number of secure OSes and publishes evaluation criteria for choosing one. This is
The integrity measurement architecture (IMA) has been a part of Linux for roughly a year now (it was merged for 2.6.30) and it can be used to attest to the integrity of a running Linux system. But IMA can be subverted by "offline" attacks, where file data or metadata is changed out from under IMA. Mimi Zohar has proposed the extended verification module (EVM) patch set as a means to protect against
One of the many new features in the 2.6.11 kernel was a driver for "trusted platform module" (TPM) chips. This driver made the low-level capabilities of TPM chips available, but gave no indication of what sort of applications were envisioned for those capabilities. Reiner Sailer of IBM has now taken the next step with a set of patches implementing the "Integrity Measurement Architecture" (IMA) for
Environment: Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, Red Hat Enterprise MRG. Issue: Denial of service flaws in the way TCP connections are handled have been disclosed by Robert E. Lee and the late Jack C. Louis of Outpost24 AB. These flaws allow an attacker to create crafted TCP connections, which can eventually exhaust the receiver's system resources and lead
In 2008, three CVEs were published concerning the rmtree function of Perl's File::Path module (CVE-2008-2827, CVE-2008-5302, CVE-2008-5303). More than 100 CVEs related to symlink attacks have also been issued. Problems with the handling of temporary files are old, yet many still occur today. This article therefore explains how temporary files should be handled. It also touches on new system calls that have been proposed for safe deletion. A temporary file is a file that a program uses temporarily. On Unix, the directories /tmp and /var/tmp are provided, and it is customary for every user to create and delete temporary files under them. This article treats these
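Added example (my own code, not from the article): the two halves of the problem above, in C. open_temp_safe creates the file in the way that defeats a pre-planted symlink (random name plus O_CREAT|O_EXCL and mode 0600, which is what mkstemp does), shown next to the unsafe pattern for contrast; rmtree_at removes a directory tree using fstatat/openat/unlinkat, the *at() system calls, so that a symlink planted inside the tree is unlinked as a link rather than followed into its target, and so that each deletion is relative to a directory fd already held rather than a path re-resolved at deletion time. The helper names and the /tmp layout built by the self-check are mine.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The classic mistake: predictable name, O_CREAT without O_EXCL. If an attacker
 * has already planted /tmp/app.<pid> as a symlink to some file of the victim's,
 * the open follows the link and the victim truncates/writes that file.
 * Kept only as the "before" picture; never call this. */
int open_temp_unsafe(const char *dir, char *path, size_t pathlen) {
    snprintf(path, pathlen, "%s/app.%ld", dir, (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* The fix: an unguessable name created atomically with O_CREAT|O_EXCL and mode
 * 0600, which is exactly what mkstemp does. Keep using the fd; never re-open by name. */
int open_temp_safe(const char *dir, char *path, size_t pathlen) {
    snprintf(path, pathlen, "%s/app.XXXXXX", dir);
    return mkstemp(path);
}

/* Remove dirfd/name recursively without ever following a symlink. Each entry is
 * inspected with fstatat(AT_SYMLINK_NOFOLLOW); symlinks are unlinked as links;
 * directories are opened with O_NOFOLLOW|O_DIRECTORY and checked against the
 * earlier stat (dev/ino) so a swap between the two calls is detected. All
 * deletions are relative to an fd we already hold, not a re-resolved path.
 * Returns 0 on success, -1 on error (errno set). */
int rmtree_at(int dirfd, const char *name) {
    struct stat st, opened;
    if (fstatat(dirfd, name, &st, AT_SYMLINK_NOFOLLOW) != 0) return -1;
    if (!S_ISDIR(st.st_mode)) return unlinkat(dirfd, name, 0);

    int fd = openat(dirfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &opened) != 0 ||
        opened.st_dev != st.st_dev || opened.st_ino != st.st_ino) {
        close(fd);
        errno = EAGAIN;   /* the entry changed underneath us: refuse */
        return -1;
    }
    DIR *d = fdopendir(fd);   /* takes ownership of fd */
    if (!d) { close(fd); return -1; }
    int rc = 0;
    struct dirent *de;
    while ((de = readdir(d)) != NULL) {
        if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0) continue;
        if (rmtree_at(fd, de->d_name) != 0) { rc = -1; break; }
    }
    closedir(d);
    if (rc != 0) return rc;
    return unlinkat(dirfd, name, AT_REMOVEDIR);
}

int rmtree(const char *path) { return rmtree_at(AT_FDCWD, path); }

/* Self-check with a constructed layout: <root>/sub/file and <root>/link -> <victim>,
 * where <victim>/keep must survive. An rmtree that followed links would empty
 * <victim>. Returns 1 if <root> is gone and <victim>/keep is intact, else 0. */
int demo_symlink_not_followed(void) {
    char victim[] = "/tmp/victim.XXXXXX", root[] = "/tmp/root.XXXXXX", p[512];
    if (!mkdtemp(victim) || !mkdtemp(root)) return 0;
    int fd;
    snprintf(p, sizeof p, "%s/keep", victim);
    if ((fd = open(p, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0) return 0;
    close(fd);
    snprintf(p, sizeof p, "%s/sub", root);
    if (mkdir(p, 0700) != 0) return 0;
    snprintf(p, sizeof p, "%s/sub/file", root);
    if ((fd = open(p, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0) return 0;
    close(fd);
    snprintf(p, sizeof p, "%s/link", root);
    if (symlink(victim, p) != 0) return 0;

    int removed = rmtree(root) == 0;
    struct stat st;
    int root_gone = lstat(root, &st) != 0 && errno == ENOENT;
    snprintf(p, sizeof p, "%s/keep", victim);
    int victim_intact = stat(p, &st) == 0;
    rmtree(victim);   /* tidy up */
    return removed && root_gone && victim_intact;
}

int main(void) {
    char path[256];
    int fd = open_temp_safe("/tmp", path, sizeof path);
    printf("temp file %s (fd %d)\n", path, fd);
    if (fd >= 0) { close(fd); unlink(path); }
    printf("rmtree leaves the symlink target alone: %s\n",
           demo_symlink_not_followed() ? "yes" : "NO");
    return 0;
}
```

The dev/ino comparison is what closes the window the article's rmtree CVEs live in: between looking at an entry and acting on it, an attacker who owns the parent directory can rename a directory away and drop a symlink in its place, and only a check on the object actually opened, not on the name, notices.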
This document provides guidelines for the design and implementation needed to write secure programs on Linux and Unix systems. It covers viewers for remote data, Web applications (including CGI scripts), network servers, and setuid or setgid programs. It also gives guidelines specific to C and C++, Java, Perl, PHP, Python, TCL and Ada95. Table of Contents: 1. Introduction 2. Background 2.1. About Unix, Linux, and Open Source / Free Software 2.2. Security Principles 2.3. Why Do Programmers Write Insecure Code? 2.4. Is Open Source Good for Security? 2.5. Types of Secure Programs 2.6. Paranoia is a Virtue