Dailydave mailing list archives
Re: The lack of hard questions
From: Trygve Aasheim <trygve () pogostick net>
Date: Tue, 02 Sep 2008 12:13:20 +0200
Why sometimes "Security Experts" and not the vendor should say if it is a vulnerability or a bug, and if its reliable (read entire timeline): http://www.coresecurity.com/content/open-bsd-advisorie The vendor might have other interests, and most major vendors run all their communication through their marketing department (which usually ARE full of crap)...and that doesn't help. Even if they're packed with people who can make "reliable exploits"... And many times the "Security Team" is overbooked (by the marketing department to do presentations on seminars or create security whitepaper strategies)... Microsoft might be different of course...but maybe not in the future, since they've now proved that security doesn't really sell: http://pwnie-awards.org/2008/nominees.html#fail ergosum wrote:
Charles, no ofense, but the MS Security team has several members who can make reliable exploits, probably much better than many "security experts". So, don't take for granted that MS is full of crap because that shows your lack of knowledge about them.On Aug 27, 2008, at 4:55 PM, Valdis.Kletnieks () vt edu wrote:On Wed, 27 Aug 2008 09:05:42 EDT, Pusscat said:My assumption would be that if it can be made reliable by anyone, then it's reliable. It probably shouldn't be a quantum value, collapsed by our inability ;)Yes, it only has to be weaponized once._______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: The lack of hard questions, (continued)
- Re: The lack of hard questions dan (Sep 02)
- Re: The lack of hard questions Charles Miller (Aug 26)
- Re: The lack of hard questions Pusscat (Aug 27)
- Message not available
- Re: The lack of hard questions Charles Miller (Sep 01)
- Re: The lack of hard questions ergosum (Sep 01)
- Re: The lack of hard questions Charles Miller (Sep 02)
- Re: The lack of hard questions Matt (Sep 03)
- Re: The lack of hard questions Pusscat (Sep 03)
- Re: The lack of hard questions Pusscat (Aug 27)
- Re: The lack of hard questions Matthieu Suiche (Sep 02)
- Re: The lack of hard questions Charles Miller (Sep 03)
- Re: The lack of hard questions Trygve Aasheim (Sep 03)