Dailydave mailing list archives
Re: Faster, smashter.
From: Dragos Ruiu <dr () kyx net>
Date: Mon, 8 Dec 2008 18:43:47 -0800
On 8-Dec-08, at 11:38 AM, Fisher, Dennis wrote:
I wrote a column last week along the same lines as what Dave has to say. Not coincidentally, the column was the result of a discussion with Dave and some others a couple of weeks ago. Dave suggested I post it here. http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci13408 84,00.html
Dennis, go ahead and stop patching, but don't expect us all to follow.... :-P Also, I've noted a big discrepancy between the talk and bragging about having unpublished vulns (let's stop using that silly now meaningless 0day term shall we :) and the actual vulnerabilities and their severities that people have access to. How many times have I seen speakers at conferences talk up the FUD about some vulnerability that turned out to totally fizzle in practice? Uh, lots... IMHO the actual problems we see from unpublished vulnerabilities are few and far between. Fortunately, they aren't quite so common that they are thrown around carelessly - because to use an unpublished vuln is to run the risk of losing it. :-) When a new unpublished vulnerability is discovered in use it's usually big news (points to MS08-067). It also seems most of the malware can do just fine using the same old low hanging fruit they've always accessed. I would also note that it's misleading to say you should throw in the towel because one unpublished vuln can pop your box. There is more to it than that if you are doing your job right. Can they pop it without being discovered... for how long, and how often? And how good are your backups :-P ? So, I'm not with you in declaring efforts at security a waste of time. As a matter of fact I completely disagree with you, and think we have been making some slow progress.... note for instance the shift to low level vulns and application/client software as the OSes and network stacks get (slowly) hardened. These days remote pre-auth anything is a big deal - that certainly wasn't the case back when the one line patch to samba to make it an exploit tool for that SMB flaw was first circulating. So let's give those security teams at least a few deserved pats on the back instead of jumping on the "OMG we're doomed bandwagon." There is still a lot of work to be done, but throwing in the towel or trying to get others to isn't going to get any of it done. cheers, --dr -- World Security Pros. Cutting Edge Training, Tools, and Techniques Vancouver, Canada March 16-20 2009 http://cansecwest.com London, U.K. May 27/28 2009 http://eusecwest.com pgpkey http://dragos.com/ kyxpgp _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Faster, smashter. Dave Aitel (Dec 08)
- Re: Faster, smashter. Fisher, Dennis (Dec 08)
- Re: Faster, smashter. Dragos Ruiu (Dec 08)
- Re: Faster, smashter. Halvar Flake (Dec 09)
- Re: Faster, smashter. Dave Aitel (Dec 09)
- Re: Faster, smashter. Rafal @ IsHackingYou.com (Dec 09)
- Re: Faster, smashter. dan (Dec 09)
- Re: Faster, smashter. Marc Maiffret (Dec 10)
- Re: Faster, smashter. Dragos Ruiu (Dec 08)
- Re: Faster, smashter. Halvar Flake (Dec 09)
- Re: Faster, smashter. security curmudgeon (Dec 09)
- Re: Faster, smashter. Jon Passki (Dec 09)
- Re: Faster, smashter. Fisher, Dennis (Dec 08)