Bugtraq mailing list archives
Re: Vulnerabilities in some SCADA server softwares
From: bugtraq () cgisecurity net
Date: Wed, 23 Mar 2011 17:51:24 -0500 (EST)
>> If *any* threat exists, that threat is increased by public exposure of unmitigated attack methodology

> I think you have it wrong. Public exposure increases the visibility, and therefore customers install the patches quicker. Without public visibility, they will keep running the old code.
Actually both are true. More systems will be owned by these unmitigated issues since more attackers will be aware of their existence. While it is true that others knew about these issues (always assume so), many more will know about them now, and more systems likely will be exploited. This was certainly the case when Tavis published an unmitigated Windows vuln: http://www.theregister.co.uk/2010/06/30/windows_exploit_spike/

To your point, people who 'are paying attention' will patch once a patch is available, and others who wouldn't normally know will see this in the news and become more aware of the issue/s. I don't think people on this list are arguing that the public shouldn't be made aware of problems in these devices, they are arguing that POC shouldn't be published for unmitigated issues as it doesn't benefit users.

If you can provide real world statistics to the list demonstrating proof that people are safer by being aware of unmitigated threats with working PoC's, please send it to the list. I don't ask this to flame you, I think that this is data that people would be genuinely interested in learning from.

Regards,
- Robert
http://www.qasec.com/
http://www.webappsec.org/