Dailydave mailing list archives
Re: A change
From: alexm <alexm () immunityinc com>
Date: Wed, 20 Jan 2010 01:55:12 -0500
If I was using the test to determine how my sandboxing worked, it could make sense. If I was testing to see how my "anti exploitation mechanisms" were working it could make sense. In the absence of any sort of reactive defence, is there value in a semi-automated "click here to get owned by 0day you can't currently defend against" type of service?[1]
I think so but in this context it's a corner case. Given a desktop computer which is part of a corporate network, has no protection mechanisms other than what is provided via it's current updates and it is in no kind of network or VM sandbox. Essentially, no real protection at all. Then having an 0day automated test gives you ammunition, in the form of real and reproducible test results, to demand that some of these protection mechanisms be put into place. I say corner case because we're discussing a service Immunity provides and advertised on this list, if the day-to-day security of a corporation is at the described level I'd say it's going to be pretty unlikely they'd be reading DD in the first place :) This then raises the question that if the sys-admin's gamble works and security dollars go in their direction but they still get owned after all the software protections they've asked for are put in place, what then? How good are your logs and backups? -AlexM _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: A change, (continued)
- Re: A change Marius (Jan 20)
- Re: A change Jim Manico (Jan 20)
- Re: A change Menerick, John (Jan 24)
- Re: A change Ben Nagy (Jan 26)
- Re: A change Rodrigo Rubira Branco (BSDaemon) (Jan 27)
- Re: A change Nick FitzGerald (Jan 27)
- Re: A change Lurene Grenier (Jan 27)
- Re: A change Dragos Ruiu (Jan 28)
- Re: A change alexm (Jan 20)