Full Disclosure mailing list archives
When do exploits get used?
From: Paul Schmehl <pauls () utdallas edu>
Date: Mon, 22 Mar 2004 13:46:43 -0600
--On Monday, March 22, 2004 05:04:43 PM +0000 Ben Laurie <ben () algroup co uk> wrote:
Note: I changed the subject to more accurately reflect the discussion.
This is foolish thinking. Do you really think that, when a patch comes out, *then* the hackers start working on exploits? The exploits were being used *long* before the patch comes out. The only thing a patch gets you is protection against *future* hack attempts against *that* weakness.
This is demonstrably not true - it depends who finds the problem.
So, it's not true, except it depends? Then it is true.
Not *every* exploit comes out after a patch is released, but it's a fact that *some* exploits are in use long before a "researcher" reports them to a vendor and/or a patch comes out.
To think otherwise is foolish, as I said. If one isn't paranoid, one probably doesn't belong in the security field. If you're sitting back thinking you're safe because you're patched and you patch quickly, then you're unalert and exposed.
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html