Dailydave mailing list archives

Re: Top10 Blowing Chunks :>

From: Dave Aitel <dave () immunityinc com>
Date: Wed, 18 Sep 2013 12:14:29 -0400

From an attacker's perspective this is the defender attacking the
exploit supply chain - where there are two parties, one which writes the
exploits and the other which uses them, it's hard to cycle new targets
into the mix. Hence, the target that is most prolific is the one that
has been QA'd and tested. If you are three rev's back, you are likely to
still be vulnerable, but not tested against, and hence, not owned.

This is a problem for people who use products like CANVAS, MSF, CORE,
etc. - none of us can afford to target or QA every possible
configuration of IE, for example.

The counter-example is a tightly integrated attack and R&D team. In this
case older is definitely not better. Many of your top-tier hackers are
fully integrated like this (sometimes in just one person), and the
combination is pretty devastating no matter what you're running, imho.


-dave


On 9/18/2013 6:23 AM, dan () geer org wrote:

Wolfgang, Once upon a time it was shown that the most attacked
versions of software tended to be one revision off of current,
leading to the strategy that you should keep up or stay well behind
(like a herd animal either staying in the center of the herd or
hiding in the bush but *never* being in the trailing edge of the
herd as that's where the predators were).  Coupled with the observed
propensity of so many software houses to have upgrades that add
all-but-gratuitous features, it seemed almost preferable to take
the hide-in-the-bush strategy if you had any technical skill at
all.

Expand on this in whatever direction you can, if you like.

--dan

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

Current thread:

Top10 Blowing Chunks :> Dave Aitel (Sep 03)
- Re: Top10 Blowing Chunks :> Wolfgang Kandek (Sep 05)
  - Re: Top10 Blowing Chunks :> Dave Aitel (Sep 09)
    - Re: Top10 Blowing Chunks :> Albert R. Campa (Sep 10)
  - Re: Top10 Blowing Chunks :> dan (Sep 18)
    - Re: Top10 Blowing Chunks :> Dave Aitel (Sep 18)
    - Re: Top10 Blowing Chunks :> Wolfgang Kandek (Sep 19)