Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: unreliable vulnerability reports en-masee [was:Re: vulnerability in Symantec products]
From: "Dave \"No, not that one\" Korn" <davek_throwaway () hotmail com>
Date: Tue, 31 Oct 2006 20:40:49 -0000

Gadi Evron wrote:

Nothing really surprises me anymore. The quality of advisories and QA
people do seems to be dropping, especially when it comes to File
Inclusions. The level of false positives posted in the last couple of
weeks is staggering.

Folks use Google Code Search to find vulns, and don't notice they are
fixed 3 lines above the "bug" and that three lines below, there is
another one.

Last week, one of these File Inclusion vulns worked only if you
disabled two security functions that work by default...

Up to this day, vulnerabilities and exploits would be researched to a
level, and released AS-IS. This is fast becoming impracticle.

If the S/N ratio of ADVISORIES rather than ML traffic becomes even
lower
due to unreliable submissions, our jobs will indeed become much, much
harder.

  :)  Perhaps the antisec/bantown crew have developed a new strategy to try 
and shut-down FD by flooding it with useless-but-valid-seeming information? 
Just as spammers have moved on from random hashbuster strings to including 
chunks of real english text from news reports and books, so the antisec 
posters have moved on from furry pr0n and gay lames to real-yet-wrong bug 
reports.  Subtle, you'll never get even a really good bayesian filter to 
discriminate between valid and bogus bug reports!

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault