Dailydave mailing list archives
Sniping
From: Dave Aitel <dave () immunityinc com>
Date: Fri, 14 Apr 2006 09:14:12 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So rather than just having every vendor snipe each other on this list, which is amusing to watch, but like Focus-IDS, gets boring after a while, I've decided to have a contest. Every major vendor is on this list, so I'm not going to spam it around. Here it is: You, the vendor, provide a Virtual Machine, Installer, appliance, or similar object. I run our new MS06-014 exploit through it and tell everyone how you did. You can do it whenever you want - obviously the public will reward promptness with claps and lateness with jeers. You don't get the exploit until the next CANVAS release, which will obviously make it a lot easier. As a side note, one interesting thing about client-side exploits is that you don't need to have them all to be effective. There's usually 100000 of them and if you just have one reliable one, then you can ignore the rest. The sole exception is when you're trying to test an IDS or protective measure of some kind, in which case you need completeness like any other test. - -dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEP6AjtehAhL0gheoRAqcRAJ0aXOsSEKPzvvjDQI5u34Om59B+OgCfYDxR MSCo6xPv6TlGDhfb+AZZx5g= =gJS0 -----END PGP SIGNATURE-----
Current thread:
- Sniping Dave Aitel (Apr 14)