mailing list archives
Re: unreliable vulnerability reports en-masee [was:Re: vulnerability in Symantec products]
From: "Dave \"No, not that one\" Korn" <davek_throwaway () hotmail com>
Date: Tue, 31 Oct 2006 20:40:49 -0000
Gadi Evron wrote:
Nothing really surprises me anymore. The quality of advisories and QA
people do seems to be dropping, especially when it comes to File
Inclusions. The level of false positives posted in the last couple of
weeks is staggering.
Folks use Google Code Search to find vulns, and don't notice they are
fixed 3 lines above the "bug" and that three lines below, there is
Last week, one of these File Inclusion vulns worked only if you
disabled two security functions that work by default...
Up to this day, vulnerabilities and exploits would be researched to a
level, and released AS-IS. This is fast becoming impracticle.
If the S/N ratio of ADVISORIES rather than ML traffic becomes even
due to unreliable submissions, our jobs will indeed become much, much
:) Perhaps the antisec/bantown crew have developed a new strategy to try
and shut-down FD by flooding it with useless-but-valid-seeming information?
Just as spammers have moved on from random hashbuster strings to including
chunks of real english text from news reports and books, so the antisec
posters have moved on from furry pr0n and gay lames to real-yet-wrong bug
reports. Subtle, you'll never get even a really good bayesian filter to
discriminate between valid and bogus bug reports!
Can't think of a witty .sigline today....
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/