T
Thiago Campos Pereira
I need a support of the staff of the Microsoft.
Since the beginning of the year I am working in the CFLCL (Company of the
sector of energy with more than 15000 employees).
I am trying to convince the CFLCL to adopt the DotNet as tool of Web
development, but for this, I have that to obtain the approval of the
security staff.
The problem is that the security staff is fanatic with Linux and want that
the company adopts the J2EE. The great problem is that the faces are same
Hackers, for you to have idea, the Firewall was developed by it (all in
assembler), using the Linux to load the OS and later it all it takes off
Linux of air, assuming control of the operational system.
The argument that they use is that the DotNet delays very in loading the
process, besides using fixed addresses of memory.
With this, hacker can use the moment that the process of the AspNet is
loading and to generate a memory burst, obtaining to have access the
information to provoke great damages the CFLCL.
In accordance with them, the J2EE does not have this problem, therefore he
is fast to load and it does not use fixed addresses in the memory very,
making it difficult in the life of the Hackers.
But, so that the Hacker obtains to use this imperfection of the AspNet it
has that to make an attack in the hardware layer. It until showed to me as
if he makes, generating a failed in IRQ 115 (I find that the number is this)
that seems to be most serious, stopping all the processing of the machine
and allowing the action of the Hacker.
My argument is that to make this attack, hacker it has that to have access
the machine and that if the Firewall of it is good, we do not have with what
being worried, playing the responsibility on them.
But, I am trying to raise more arguments.
As this low-level question is not very my beach, I am looking support of
people can assist me in the subject.
Somebody can help me? Somebody know some publication on the subject that
can help me? He will be that you do not know somebody who can help me to
gain this "competition"?
Since the beginning of the year I am working in the CFLCL (Company of the
sector of energy with more than 15000 employees).
I am trying to convince the CFLCL to adopt the DotNet as tool of Web
development, but for this, I have that to obtain the approval of the
security staff.
The problem is that the security staff is fanatic with Linux and want that
the company adopts the J2EE. The great problem is that the faces are same
Hackers, for you to have idea, the Firewall was developed by it (all in
assembler), using the Linux to load the OS and later it all it takes off
Linux of air, assuming control of the operational system.
The argument that they use is that the DotNet delays very in loading the
process, besides using fixed addresses of memory.
With this, hacker can use the moment that the process of the AspNet is
loading and to generate a memory burst, obtaining to have access the
information to provoke great damages the CFLCL.
In accordance with them, the J2EE does not have this problem, therefore he
is fast to load and it does not use fixed addresses in the memory very,
making it difficult in the life of the Hackers.
But, so that the Hacker obtains to use this imperfection of the AspNet it
has that to make an attack in the hardware layer. It until showed to me as
if he makes, generating a failed in IRQ 115 (I find that the number is this)
that seems to be most serious, stopping all the processing of the machine
and allowing the action of the Hacker.
My argument is that to make this attack, hacker it has that to have access
the machine and that if the Firewall of it is good, we do not have with what
being worried, playing the responsibility on them.
But, I am trying to raise more arguments.
As this low-level question is not very my beach, I am looking support of
people can assist me in the subject.
Somebody can help me? Somebody know some publication on the subject that
can help me? He will be that you do not know somebody who can help me to
gain this "competition"?