Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

dailydave logo Dailydave mailing list archives

Re: Movies, ponds, and MS08_025.
From: "Stephen John Smoogen" <smooge () gmail com>
Date: Tue, 8 Apr 2008 14:53:25 -0600
On Tue, Apr 8, 2008 at 1:51 PM, Dave Aitel <dave () immunityinc com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1

 Movies: http://www.immunityinc.com/documentation/ms08_025.html

 Ah, the fun of a picture that changes over time. I guess the point with
 that little flash screencast is: It's not "exploit Wednesday"[1] anymore.

 Everyone's instinct is to attack the most secure platform - for example,
 when a patch only affects IE6, people think "whatever", but then I get
 emails from people who's entire large government organizations are
 standardized on IE6.  So IE6 bugs ARE important, which is nice because
 it's a much deeper pond to fish in.

 - -dave

 [1] I really hate that term anyways. It implies that exploits derive
 from patches, instead of the other way around. It sounds like something
 Jeff Jones would come up with. :>


Well there are a bunch of people who only look at what is patched and
then use it for their own feeding fests. They are also the ones
usually caught/stopped/etc and so it makes it look more like exploits
come from patches versus the other. The smart guys who rarely get
caught or attention have been using the vulnerability for a lot
longer.

Yes, it is quite common that IE6 is in heavy usage.. its one of the
reasons I saw Vista being delayed at a site. All the business tools
only work with IE6 and so that is what everyone uses. Some places are
trying to limit attack vectors by putting IE6 and god awful old
versions of Word in VM's that the users connect to. However, how
secure or useful that is.. I am not sure.

As you said, the flashy get the flag in Vista etc is the eye candy
that gets reporters, blogs, etc attention. The finding an exploit in a
5-7 year old version of Word gets poo-poo'd but since 80% of your
'moneyed' victims are still using it.. its what you want (plus you
don't grab the attention that might get you busted sooner.)


-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]