Re: Faster, smashter.
From: Dragos Ruiu <dr () kyx net>
Date: Mon, 8 Dec 2008 18:43:47 -0800
On 8-Dec-08, at 11:38 AM, Fisher, Dennis wrote:
I wrote a column last week along the same lines as what Dave has to
Not coincidentally, the column was the result of a discussion with
and some others a couple of weeks ago. Dave suggested I post it here.
Dennis, go ahead and stop patching, but don't expect us all to
Also, I've noted a big discrepancy between the talk and bragging about having unpublished vulns (let's stop using that silly now meaningless 0day term shall we :) and the actual vulnerabilities and their severities that people have access to. How many times have I seen speakers at conferences talk up the FUD about some vulnerability that turned out to totally fizzle in practice? Uh, lots...
IMHO the actual problems we see from unpublished vulnerabilities are few and far between. Fortunately, they aren't quite so common that they are thrown around carelessly - because to use an unpublished vuln is to run the risk of losing it. :-)
When a new unpublished vulnerability is discovered in use it's usually big news (points to MS08-067). It also seems most of the malware can do just fine using the same old low hanging fruit they've always accessed.
I would also note that it's misleading to say you should throw in the towel because one unpublished vuln can pop your box. There is more to it than that if you are doing your job right. Can they pop it without being discovered... for how long, and how often? And how good are your backups :-P ?
So, I'm not with you in declaring efforts at security a waste of time. As a matter of fact I completely disagree with you, and think we have been making some slow progress.... note for instance the shift to low level vulns and application/client software as the OSes and network stacks get (slowly) hardened. These days remote pre-auth anything is a big deal - that certainly wasn't the case back when the one line patch to samba to make it an exploit tool for that SMB flaw was first circulating. So let's give those security teams at least a few deserved pats on the back instead of jumping on the "OMG we're doomed" bandwagon. There is still a lot of work to be done, but throwing in the towel or trying to get others to isn't going to get any of it done.
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada March 16-20 2009 http://cansecwest.com
London, U.K. May 27/28 2009 http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp
Dailydave mailing list
Dailydave () lists immunitysec com