When do exploits get used?
From: Paul Schmehl <pauls () utdallas edu>
Date: Mon, 22 Mar 2004 13:46:43 -0600
--On Monday, March 22, 2004 05:04:43 PM +0000 Ben Laurie <ben () algroup co uk> wrote:

Note: I changed the subject to more accurately reflect the discussion.

> > This is foolish thinking. Do you really think that, when a patch comes
> > out, *then* the hackers start working on exploits? The exploits were
> > being used *long* before the patch comes out. The only thing a patch
> > gets you is protection against *future* hack attempts against *that*
>
> This is demonstrably not true - it depends who finds the problem.

So, it's not true, except it depends? Then it is true.
Not *every* exploit comes out after a patch is released, but it's a fact
that *some* exploits are in use long before a "researcher" reports them to
a vendor and/or a patch comes out.
To think otherwise is foolish, as I said. If one isn't paranoid, one
probably doesn't belong in the security field. If you're sitting back
thinking you're safe because you're patched and you patch quickly, then
you're unalert and exposed.
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
Full-Disclosure - We believe in it.