Home page logo

fulldisclosure logo Full Disclosure mailing list archives

When do exploits get used?
From: Paul Schmehl <pauls () utdallas edu>
Date: Mon, 22 Mar 2004 13:46:43 -0600

--On Monday, March 22, 2004 05:04:43 PM +0000 Ben Laurie <ben () algroup co uk> wrote:

Note: I changed the subject to more accurately reflect the discussion.

This is foolish thinking.  Do you really think that, when a patch comes
out, *then* the hackers start working on exploits?  The exploits were
being used *long* before the patch comes out.  The only thing a patch
gets you is protection against *future* hack attempts against *that*

This is demonstrably not true - it depends who finds the problem.

So, it's not true, except it depends?  Then it is true.

Not *every* exploit comes out after a patch is released, but it's a fact that *some* exploits are in use long before a "researcher" reports them to a vendor and/or a patch comes out.

To think otherwise is foolish, as I said. If one isn't paranoid, one probably doesn't belong in the security field. If you're sitting back thinking you're safe because you're patched and you patch quickly, then you're unalert and exposed.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]