Re: Exploits are important (or "Challenging your assumptions")

[Daniel Clemens <daniel.clemens () packetninjas net>]

> its old news . surprises are for those who do not read history , the ones who doomed to make the same mistakes . all 
> respect to Dave , i do not think exploits are that important .

It is cool when it works and that is the objective. 
Exploits were important in light of stuxnet and the complexities therein. If anything , exploits are extremely 
important. High value exploits can be the diplomatic tool to pressure many things on an international scale. 

> its "the stupidity" that's important . its not vulns that are essential to find and turn into exploits, its 
> commercial , its going on for many years on different forms yet same idea .
> its the stupidity we should root out . that's hard , really . putting a bunch of 0days is not .

I guess I would say it a bit differently (still a similar message). 
        - Vulnerabilities always exist , in human form and in code. With a dedicated adversary they are looking for a 
vulnerability to exploit. 
        - Assumptions are the mother of all mess ups. 
        - Input validation and Ego are vulnerability classes that are being exploited in both of the topics being 
explored.... so I guess I may be missing your point or fixated on the wrong lines in this email...

BTW, there are a few good examples of human and 'cyber' / supply chain compromise in "Gideon's Spies: The Secret 
History of the Mossad" - Gordon Thomas. 

| Daniel Uriah Clemens
| Packetninjas L.L.C | | http://www.packetninjas.net
| c. 205.567.6850      | | o. 866.267.8851 
"Moments of sorrow are moments of sobriety"











_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave