|
http://www.hackerschool.org/HS_Boards/zboard.php?id=HS_Translate&no=26 [º¹»ç]
That is very good question that uhh this typical list of threat
are i dont know if you have had a chance look at this guy in Microsoft
I'm keep refering to Microsoft, becaues a lately I've been looking their web site quite a bit.
ahh I know bad thing. I intially starts rufing the threads guy from the open BST cording standard--(¹º ´ëȸ´ø°¡ ´Üü´ø°¡).
They have some really good stuff over there.
We stated also a looking at all the good,, i've been doing a lot of cc++ related stuff,
so what i've been trying to combine together is a all the wonderability that have been release _____time,
and open source software and trying to figur what those wonderability were, from _____ point of view,
and then look at threat model, and trying to attach with air(?).
Does it someone making sence?
so going to CVE are minor or other side with actually tell you open___________ was
___________to ____ by one attack, so you go and look at that and figure out ok this are the
major types of attacks from when there is loop. right?
so from an external point of view, when you look at the loop, what are the major problems?
if there is any loop, that is reciving external data will talk _______ movement in MCC++ ___
Where they can be issues, and why is that existing and then you _____ that _____ (map that backÀ¸·Î µé¸®´Âµ¥,,)
to your major threat. That comes down to either recieving data from the outside, ________
either you can go through the major files _______________________
and you just mark everything under those major areas, or you can combine,,
everyone has different method of doing it, so what we take(?) to do,, depending on games,
depends on application, if its bad application, it would make a lot of sence,
go to ________ or someother websites,
and figure out what the major threads are from their point of view. right?
But the cc++, these are the one that major the we had big classify them under(???), and then
figure it out under bases of that.
Thus that some of answer of your question?
Áú¹®ÀÚ ¹¹¶ó¹¹¶ó
ahh
right so basically this question is ______ that how do we understand all of major threads
that exist in an application. Would that be correct?
ahhh that might not having define(define ÀÎÁö defeat)
or that it have been define. so the ones that have been define that is not much for problem
that you can list them, you can assign them _______________ figure out by that you want to do it or not.
That have not been define amm that is the most difficult task thats why
you move back to the first change of the process, you remember i talked about,
getting as much as micron(?) information and documenting all that?
When you new class of thread comes out then you go back and look at your documentation,
and say "ok thus this application has something,, is it doing something of the start"
like today, ELB ,~~~~ JOne i think right? (Áß¿äÇÏÁö ¾ÊÀ½)
He was talking about it might be something that is slightly unique, that is not been discuss
openly so much, So you might have aaa if you had initialy done research on your application
and say that ok, my application is provider(ÇÁ·Î¿ÍÀÌ´õ¶ó µé¸®´Âµ¥,,) and itself.
right? and you go back to your code and
Is it a provider(?) is it doing any kind of check?
my provider is first one or is there a different provider thats coming ahead of time and then you can figure ou
t
okay there is possibility of threat, then you go back to your code and figure it out
does that help?
Yes sir,
Áú¹®ÀÚ°¡ ¹°¾îº¸´Âµ¥ ¼Ò¸®¸¦ ÃÖ´ë·Î Å°¿öµµ ¾Èµé¸®³×¿ä ¤Ì¤Ì ³ëÆ®ºÏÀÌ¶ó¼ ±×·±°¨,,
Yes i had look at that. It is a ..Yes
The question was have you look at attack tree is that Jone---(»ç¶÷À̸§) and couple of other guys have done?
Basically, i have look at that and my opinion is everything is still pertty new and everyone is developing
their own technique, becuz they are finding,, they have been reviewing ______ or they have been reviewing
products for while and it is not so much as science and ____________ trying figure out what's....
Thats why mine is proposal which, hopefully, other people can try and use.
and they will be other people proposing different techniques and um which suits you best would be
the ideal technique. I'll take a little while to figure out what is the best technique for you
becuz for the longest i used to try to do the Microsoft method and didn't really fit in, well for me
and not becuz that is not,,may not be a good method or its a bad method. It just didn't the way i thaught
was not the way that person who came up with that was thinking.
ÀÏ´Ü ¸®½º´× ³¡³Â°í¿ä,, ¤Ì¤Ì ´Ê¾î¼ ¤¸¤µ
¹ø¿ªÀº,,,,¤¿¤¿¤¿
ºóÄÀÌ ³Ê¹« ¸¹¾Æ FAIL
|
Hit : 1911 Date : 2011/05/11 12:59
|
97, 
1/4 
