Dailydave mailing list archives
Re: A change
From: "Menerick, John" <jmenerick () netsuite com>
Date: Thu, 21 Jan 2010 09:17:48 -0800
Comments inline

On Jan 20, 2010, at 2:04 PM, Jim Manico wrote:

> Hello DD,
> Is the recent ie6 0-day anything special?

Not really. Not as special as the NT <-> Win 7 issue recently highlighted.

> How many similar 0-days are for sale on the black market?

Quite a few.

> What is the rate/difficulty for discovery of new windows-based 0-days for the common MS and Adobe products that are installed on almost every corporate client? (I heard Dave mention that discovery is getting more difficult)?

Not terribly difficult for someone who is dedicated. Then again, my idea of difficult is much different from the avg. person

> How easy is discovery for someone with resources like the Chinese government?

Much simpler.

> How bad is it really?

Look at the CVSSv2 score and adjust it to the environments where you determine "how bad it is." It could be much worse.

> I suspect we are just looking at one grain of sand in a beach of 0-days....

Correct. No one wants to let everyone else know what cards they hold in their hand, the tools in their toolbox, etc....

John Menerick
http://securewebappsec.com

> --
> Jim Manico
> OWASP Podcast Host/Producer
> OWASP ESAPI Project Manager
> http://www.manico.net
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave