OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   RE: [xml-dev] Can A Web Site Be Reliably Defended Against DoS Att acks?

[ Lists Home | Date Index | Thread Index ]
  • To: "Rich Salz" <rsalz@datapower.com>
  • Subject: RE: [xml-dev] Can A Web Site Be Reliably Defended Against DoS Att acks?
  • From: "Dare Obasanjo" <dareo@microsoft.com>
  • Date: Wed, 4 Feb 2004 13:45:41 -0800
  • Cc: <xml-dev@lists.xml.org>
  • Thread-index: AcPrZR8rEWFNgCAIQVKNmbLQt2spPAAAXbT4
  • Thread-topic: [xml-dev] Can A Web Site Be Reliably Defended Against DoS Att acks?

Ah, I'm not sure any of these would have stopped MyDoom
1.) It came as an zipped attachment which can only be saved from most mail clients. Once saved to disk it is no longer an attachment although you could save it to some quarantined zone on the hard drive then you have the problem of letting the user know where it was saved to. 
2.) The executable was self contained and didn't exploit Office as far as I'm aware so any special tricks in the Office family of products wouldn't have made a difference. 
Blessed are the meek for they shall inherit the Earth, minus 40% inheritance tax. 


From: Rich Salz [mailto:rsalz@datapower.com]
Sent: Wed 2/4/2004 1:32 PM
To: Dare Obasanjo
Cc: xml-dev@lists.xml.org
Subject: Re: [xml-dev] Can A Web Site Be Reliably Defended Against DoS Att acks?

Dare Obasanjo wrote:
> how would you solve the problem exploited by
> this current virus on any one of the popular operating systems existing
> today?

You serious?  You want me to solve one of the Internet's biggest
problems, when the world's largest software company hasn't been able to
do so?  Wow, such faith you have in me, it's humbling. :)

Anyhow, here's a couple of ideas.  They don't solve the problem of how
you get all those customers who are new screwed by the original crappy
versions to upgrade.

1.  The only thing you can do with an email attachment is SAVE it. That
probably meets the 80/20 rule.

2.  Provide separate executables that are viewer-only versions of the
Office Suite.  (Don't use the standard program with a flag as that's
susceptible to stack-smash attacks.  If the code isn't in the
executable, it can't be run.  Along those lines, use a special version
of LoadDLL that limits where it will load from)  Ensure attachments can
only run those programs.  Make it extensible, by providng an "Attachment
Exectuables" directory, and let others add programs into there.

Prior art: http://research.sun.com/research/techrep/1997/abstract-60.html
I think I created the concept -- I should have filed a patent. :)


Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS