Dailydave mailing list archives
Re: Exploits matter.
From: Matt Olney <molney () sourcefire com>
Date: Wed, 7 Oct 2009 09:24:23 -0400
It isn't "weird", its "wrong". People hate to think about limited-distribution 0-day, like say December 2008 and Adobe JBIG, because the ramifications for computer security are so severe...something in the range of "You are screwed". They would rather spend hours working on Confickr because its a known threat and its something they can act against. It is also why vanilla CISSPs continue to get work, because ultimately in these cases your best defense is most likely an aggressive, oppressive (and enforced) infosec policy with accompanying network and security technology controls. And even then...most likely you are jacked. Or, as I often put it, defense sucks. It also speaks to a dramatic misunderestimation of the vulnerability development community that they can actually see (hello HD, Dave, Pusscat, Halvar, etc. etc. etc) and a complete ignorance of the threat they have no insight into (hello China, Iran, x-stan and Nebraska). Matt On Wed, Oct 7, 2009 at 7:31 AM, dave <dave () immunityinc com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This raises an interesting question. What is a "public" exploit? Buying CANVAS costs less than four thousand dollars and is (thankfully :>) a reasonably common thing for companies to have. If a working, 100% reliable exploit is in the hands of the ten thousand people who care, shouldn't that be considered "public"? It just seems weird to me that all the news articles on SMBv2 focus so much on whether or not you can download a working version of the exploit over the Internet, when all the people who could actually do anything with it already had it. - -dave dan () geer org wrote:> > The summary is this: You may think increasing exploit costs > is a simply good thing. But the side effect of relying on > mitigations as opposed to software assurance is that it is > getting extremely expensive to avoid being drowned in the > noise. > The other side effect is that for exploitable vulnerabilities a rising fraction are privately held as the probability that you will give away something is inversely proportional to what it cost you to obtain it. --dan _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkrMfBwACgkQtehAhL0gherNMwCfQXm3RGhLwk5ETO4DCgw/a257 CA4Aniz2UpfFjt08SWBNvw+UROkO2hup =EizD -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Exploits matter. dave (Oct 06)
- Re: Exploits matter. dan (Oct 07)
- Re: Exploits matter. dave (Oct 07)
- Re: Exploits matter. Matt Olney (Oct 07)
- Re: Exploits matter. Fuzzy Hoodie-Monster (Oct 08)
- Re: Exploits matter. Matt Olney (Oct 09)
- Re: Exploits matter. dave (Oct 07)
- Re: Exploits matter. Tom Parker (Oct 07)
- Re: Exploits matter. security curmudgeon (Oct 07)
- Re: Exploits matter. c0lists (Oct 07)
- Re: Exploits matter. security curmudgeon (Oct 07)
- Re: Exploits matter. c0lists (Oct 07)
- Re: Exploits matter. Matthew Wollenweber (Oct 08)
- Re: Exploits matter. dan (Oct 07)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 22)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 08)