Dailydave: Re: The lack of hard questions

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Dailydave mailing list archives

Re: The lack of hard questions

From: Charles Miller <cmiller () securityevaluators com>
Date: Wed, 27 Aug 2008 17:43:43 -0500

But the problem is, if there are only a handful of people who can make  
a reliable exploit for a particular vulnerability (or not) and none of  
them work for MS, how can MS accurately determine whether an exploit  
for a particular vulnerability will be somewhat reliable or totally  
reliable (or not possible at all)?  Doesn't anyone remember gobbles :)


On Aug 27, 2008, at 4:55 PM, Valdis.Kletnieks () vt edu wrote:

On Wed, 27 Aug 2008 09:05:42 EDT, Pusscat said:

My assumption would be that if it can be made reliable by anyone,  
then it's
reliable. It probably shouldn't be a quantum value, collapsed by our
inability ;)


Yes, it only has to be weaponized once.


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

By Date By Thread

Current thread:

Re: The lack of hard questions, (continued)
- Re: The lack of hard questions Charles Miller (Aug 26)
  - Re: The lack of hard questions Pusscat (Aug 27)
    - Message not available
    - Re: The lack of hard questions Charles Miller (Sep 01)
    - Re: The lack of hard questions ergosum (Sep 01)
    - Re: The lack of hard questions Charles Miller (Sep 02)
    - Re: The lack of hard questions Matt (Sep 03)
    - Re: The lack of hard questions Pusscat (Sep 03)
    - Re: The lack of hard questions Matthieu Suiche (Sep 02)