Shawn Moyer: (un)Smashing the Stack: Overflows, Countermeasures, and the Real World
Jan 09, 2006•1 hr
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
As of today, Vista, XP, 2K03, OS X, every major Linux distro, and each of the BSD's either contain some facet of (stack|buffer|heap) protection, or have one available that's relatively trivial to implement/enable.
So, this should mean the end of memory corruption-based attacks as we know it, right? Sorry, thanks for playing.
The fact remains that many (though not all) implementations are incomplete at best, and at worst are simply bullet points in marketing documents that provide a false sense of safety.
This talk will cover the current state of software and hardware based memory corruption mitigation techniques today, and demystify the myriad of approaches available, with a history of how they've been proven, or disproved. Our focus will be on building defense-in-depth, with some real-world examples of what works, what doesn't, and why.
As an attendee, you should come away with a better understanding of how to protect yourself and your boxes, with some tools to (hopefully) widen the gap between what's vulnerable and what's exploitable.
So, this should mean the end of memory corruption-based attacks as we know it, right? Sorry, thanks for playing.
The fact remains that many (though not all) implementations are incomplete at best, and at worst are simply bullet points in marketing documents that provide a false sense of safety.
This talk will cover the current state of software and hardware based memory corruption mitigation techniques today, and demystify the myriad of approaches available, with a history of how they've been proven, or disproved. Our focus will be on building defense-in-depth, with some real-world examples of what works, what doesn't, and why.
As an attendee, you should come away with a better understanding of how to protect yourself and your boxes, with some tools to (hopefully) widen the gap between what's vulnerable and what's exploitable.
For the best experience, listen in Metacast app for iOS or Android
Open in Metacast