Full Disclosure mailing list archives

Re: Facebook Attach EXE Vulnerability
From: Peter Dawson <slash.pd () gmail com>
Date: Tue, 1 Nov 2011 11:56:43 -0400

Yes, to a certain degree it's all about "Saving FACE"... however FB's
30-member integrity team is only bothered about how to manage the vectors
that have been primed to protect.

FB is the largest network "protected" (YES, big word, Protected!!). They
have over 25B checks per day, reaching up to 65K/sec at peak. Building
an Immune System as large as FB's takes time, but it's only on known
vectors. The unknown is never realized unless one is willing to collaborate
and confirm with user/community. Large orgs have the syndrome of living
in the "ivory tower" and that is the biggest downfall.

What could have happened if a zero day was filed and alternative markets
were sought with this bug? Yes, alternative markets pay better!.. but
just saying... what were the damage ratios to users?


On Tue, Nov 1, 2011 at 9:03 AM, Mikhail A. Utin
<mutin () commonwealthcare org> wrote:

Facebook is trying to save its face. It's typical.
I got the same answer from SonicWALL one year ago when I discovered that
simple internal network scanning (Nessus, Nmap, etc.) brings down the entire
network. The firewall internal TCP connections stack was overloaded within
a few seconds (IPS is not enabled), thus was not accepting new connections.

Mikhail A. Utin, CISSP
Information Security Analyst

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
