Dailydave mailing list archives
Re: WMF and the Windows Vulnerability Drought :>
From: H D Moore <hdm-daily-dave () digitaloffense net>
Date: Mon, 2 Jan 2006 15:57:14 -0600
On Monday 02 January 2006 15:20, Dave Aitel wrote:
So I'm not sure why Sans Diary has people calling HD Moore irresponsible, when all he did was point out the brutally obvious: You can't write reliable network IDS signatures for these client side bugs.
From the F-Secure web site: - http://www.f-secure.com/weblog/archives/archive-012006.html#00000758 "Making such tools publicly available when there's no vendor patch available is irresponsible. Plain and simply irresponsible. Everybody associated in making and publishing the exploit knows this. And they should know better. Moore, A.S, San and FrSIRT: you should know better." The AV industry sure doesn't like it when their products are completely inneffective against the biggest exploit of the year. They like it even less when you publish a one-byte change that breaks their signatures. I can't blame them for being upset, but this public attempt at "scolding" is just pathetic. On a somewhat funny note, a poll was added to the ISC web site (by Swa Frantzen) that I figured the folks on here would appreciate: --- Q: Was the release of the 2nd generation WMF exploit on Dec 31st 2005 irresponsible ? 39 % =>Yes, I 'd like to see the authors brought to justice 22 % =>Yes, they made the world a worse place 28 % =>No, the bad guys had already equal ammunition 10 % =>No, I believe the ends did justify the means Total Answers: 797 --- I contacted the ISC team about this -- introducing the exploit authors as people that need to be "brought to justice" is about one step from libel. So far, only 39% of ISC's visitors want to see my ass thrown in jail. I can't help to think that the wording of that first poll option has something to do with it. On the same page as the poll is a nice post from Marcus suggesting that people check out the Metasploit Framework. Go figure :-) The poll can be found online at: - http://isc.sans.org/ Next poll on the ISC web site, "What limb would you most like to have devoured by flesh-eating scarabs?"... -HD
Current thread:
- WMF and the Windows Vulnerability Drought :> Dave Aitel (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Barrie Dempster (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Joanna Rutkowska (Jan 02)
- Re[2]: WMF and the Windows Vulnerability Drought :> Thierry Zoller (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Joanna Rutkowska (Jan 02)
- Re[2]: WMF and the Windows Vulnerability Drought :> Thierry Zoller (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> H D Moore (Jan 02)
- RE: WMF and the Windows Vulnerability Drought :> El Nahual (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Orlando Padilla (Jan 03)
- Re: WMF and the Windows Vulnerability Drought :> Florian Weimer (Jan 03)
- RE: WMF and the Windows Vulnerability Drought :> El Nahual (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Frank Knobbe (Jan 02)
- Re: WMF and the Windows Vulnerability Drought :> Michael A Stevens (Jan 04)
- RE: WMF and the Windows Vulnerability Drought :> Dave Korn (Jan 05)
- <Possible follow-ups>
- RE: WMF and the Windows Vulnerability Drought :> nahual () g-con org (Jan 04)