Dailydave mailing list archives

News is about the details


From: Dave Aitel <dave () immunityinc com>
Date: Wed, 14 Jun 2006 09:46:26 -0400

So it's interesting to me that SANS Diary likes to do the same thing
that CNN does that annoys me, which is cover up their sources. I think
if there's anything that separates blogging from journalism, it's that
blogging is typically more useful because it contains pointers to the
original source material. In this case, the "penetration testing
company" that released exploits "to their customers" is Immunity
(specifically, we released exploits to our Partner's program). It's
interesting to me because it's rare that a wormable vulnerability
comes out, even if it's not wormable on the default configuration of
XP SP2. Is it rare because of Microsoft's hard work in securing their
latest systems? No doubt this has had an effect. But also possibly the
complete commercialization of the vulnerability market has taken the
best bugs out of public auctions, so to speak.

Also interesting: Is it a totally new ballgame when people can take
advisories->exploits in a few hours, and then using some sort of
Nematode-like technology transform those immediately into worms?
Essentially this is faster than Windows Update.  If you have a big
enough network, it's faster than any update technology you can deploy,
even discounting patch QA time.

One thing I think Microsoft DOES have to change is their
classification system for "remote" versus "remote (but really
client-side)". It's confusing to the public, and it keeps overworked
system administrators from focusing on what the real problems are for
their networks. Just IMHO. Perhaps Andrew Cushman will discuss this in
his newly announced BlackHat talk! :>

-dave
