Bugtraq mailing list archives
Re: Internet Explorer 0day exploit
From: "Zow" Terry Brugger <zow () llnl gov>
Date: Thu, 19 Jul 2007 13:06:08 -0700
ideal world. Many of the advisories I look at almost always cover the same type of vulnerability. Shouldn't we have learned by now, if we consider your argument?
It's been a while, but one of the great things I've seen Bugtraq used for is to look at the distribution of vulnerabilities. In the past few years, my perception is that there's been a decline in the number of buffer overflow attacks and most of what we see today are web attacks like cross-site scripting and remote file injection. Seeing these trends is important because it tells us as a community where we need to focus our efforts.
However, perhaps one/I just need to shift the way I look at advisories. Rather than seeing them as "late" and "out-of-date", they could be an additional source of information about a particular system. I'll accept that.
That too. Let me tell you, if I ever need to set up a web forum for something, I'm going to look at Bugtraq to see what the track record is for the systems I'm considering.
are almost at the verge of being completely void. A remedy for that would be to have the security community agree on a common "advisory protocol" that defines a guideline for contents in an advisory. Anyways,
Great idea! Much like the RFP vendor notification policy (Which I haven't seen mentioned in a while, so I encourage everyone doing vulnerability research to see http://www.wiretrip.net/rfp/policy.html). Anyone care to propose a template (presumably if someone who the community respects does so, it's more likely to catch on)? Terry import standard.disclaimer;
Current thread:
- Internet Explorer 0day exploit Thor Larholm (Jul 10)
- Re: Internet Explorer 0day exploit Gadi Evron (Jul 13)
- Re: Internet Explorer 0day exploit Dragos Ruiu (Jul 14)
- Re: Internet Explorer 0day exploit Gadi Evron (Jul 17)
- Re: Internet Explorer 0day exploit Chris Stromblad (Jul 18)
- Re: Internet Explorer 0day exploit Zow (Jul 18)
- Re: Internet Explorer 0day exploit Chris Stromblad (Jul 20)
- Re: Internet Explorer 0day exploit Zow (Jul 19)
- Re: Internet Explorer 0day exploit Chris Stromblad (Jul 20)
- Re: Internet Explorer 0day exploit Chad Perrin (Jul 20)
- RE: Internet Explorer 0day exploit Ken Kousky (Jul 23)
- RE: Internet Explorer 0day exploit Hugo van der Kooij (Jul 24)
- RE: Internet Explorer 0day exploit Roger A. Grimes (Jul 24)
- Re: Internet Explorer 0day exploit Dragos Ruiu (Jul 14)
- Re: Internet Explorer 0day exploit Gadi Evron (Jul 13)
- Re: Internet Explorer 0day exploit Bigby Findrake (Jul 18)
- Re: Internet Explorer 0day exploit Chris Stromblad (Jul 20)
- Message not available
- Re: Internet Explorer 0day exploit Aaron Katz (Jul 23)
- Re: Internet Explorer 0day exploit Aaron Katz (Jul 23)
- <Possible follow-ups>
- Re: Re: Internet Explorer 0day exploit piercede (Jul 23)