17 April 2008

Tricky Things, Ecosystems

A decade ago, I and others started wittering on about the Microsoft monoculture - the fact that practically everyone was using the same OS, the same browser, the same office suite. This made attacks much easier to craft and far more reliable, because an attacker's assumptions about what was on any given machine were almost certainly true.

Nowadays, with the rise of Firefox and, to a lesser extent, OpenOffice.org, you might think we've moved on. Apparently not:

We have different versions of the OS, and we have Mac users. But we’ve only got one Flash vendor, and everyone has Flash installed. Why do you care about Flash exploits? Because in the field, any one of them wins a commanding majority of browser installs for an attacker.

Moreover:

Although this document deals specifically with the Win32/Intel platform, similar attacks can most likely be carried out on the many other platforms Flash is available for. In particular, some of the methodology discussed might be useful for constructing a robust exploit on Unix platforms as well as several embedded platforms.

In other words, ecosystems need to be heterogeneous everywhere, not just at the OS and browser layer: as soon as there is a monoculture in any one component, that component becomes the single target through which the entire system can be attacked, and diversity elsewhere does nothing to protect it.
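As an added illustration (not code from the original post or from the quoted sources), the following Python script makes the argument measurable over a fleet inventory: for any set of components an exploit requires, it reports the fraction of hosts that meet all of them, and it lists the components whose prevalence crosses a monoculture threshold. The inventory and the 75% threshold are constructed assumptions for the example; the point it shows is that a component present in every OS and browser stratum reaches far more hosts than any OS- or browser-specific precondition.

```python
"""Fleet monoculture check: which installed components give an attacker the
widest reach?  Added example, not code from the original post.  The inventory
below is constructed for illustration only."""
from collections import Counter

# Constructed inventory: (os, browser, set of plugins) for each host.
INVENTORY = [
    ("Windows XP", "IE7", {"Flash", "Java"}),
    ("Windows XP", "Firefox 2", {"Flash"}),
    ("Windows Vista", "IE7", {"Flash", "Java"}),
    ("Windows Vista", "Firefox 2", {"Flash", "QuickTime"}),
    ("Mac OS X", "Safari 3", {"Flash", "QuickTime"}),
    ("Mac OS X", "Firefox 2", {"Flash"}),
    ("Linux", "Firefox 2", {"Flash"}),
    ("Linux", "Firefox 2", set()),
]


def _components(host):
    """Flatten one inventory record into the set of components it exposes."""
    os_name, browser, plugins = host
    return {os_name, browser, *plugins}


def reach(inventory, required):
    """Fraction of hosts that have every component in `required`.

    `required` models an exploit's preconditions: an OS-and-browser specific
    bug needs several of them to hold at once, a plugin bug needs only one.
    """
    required = set(required)
    hits = sum(1 for host in inventory if required <= _components(host))
    return hits / len(inventory)


def component_reach(inventory):
    """Map each component to the fraction of hosts on which it is present."""
    counts = Counter()
    for host in inventory:
        counts.update(_components(host))
    n = len(inventory)
    return {comp: k / n for comp, k in counts.items()}


def monocultures(inventory, threshold=0.75):
    """Components present on at least `threshold` of hosts, most prevalent
    first.  The threshold is an assumed cut-off, not a rule from the post."""
    prevalence = component_reach(inventory)
    flagged = [(c, r) for c, r in prevalence.items() if r >= threshold]
    return sorted(flagged, key=lambda cr: (-cr[1], cr[0]))


def best_single_target(inventory):
    """The component an exploit author would pick: the one with highest reach."""
    prevalence = component_reach(inventory)
    return max(prevalence.items(), key=lambda cr: (cr[1], cr[0]))


if __name__ == "__main__":
    for preconditions in ({"Windows XP", "IE7"}, {"Firefox 2"}, {"Flash"}):
        print(f"{sorted(preconditions)}: reaches {reach(INVENTORY, preconditions):.0%} of hosts")
    print("monocultures over 75%:", monocultures(INVENTORY))
    print("best single target:", best_single_target(INVENTORY))
```

Run against a real inventory (the output of whatever asset or endpoint management system you already have), `monocultures` is the list of components where a single vendor's bug is effectively a fleet-wide bug, which is where patch latency hurts most.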
