RE: Month of Kernel Bugs - day 1

[Gadi Evron <ge () linuxbox org>]

On Wed, 1 Nov 2006, Craig Schmugar wrote:
> Patch patch patch?  What patch?  Last time I checked there were 2 or maybe 3
> patches available for the 25 IE-related MoBB issues (from July).

You know how insecure you are, and what you need to protect yourself. What
programs to use, what not to use. What IDS signatures you may need, and
what vendor you need to preasure.

Many of these have exploit code in the hands of bad people, so YES, we
will see worms using this as a direct result, but we will also no longer
see many directed attacks using them.

Weigh your own odds.

> So, I might question the phrase "these days" in Gadi's statement "you are
> all more secure these days"
>
> Craig
>
> -----Original Message-----
> From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
> Behalf Of Valdis.Kletnieks () vt edu
> Sent: Wednesday, November 01, 2006 10:02 AM
> To: Gadi Evron
> Cc: FunSec [List]
> Subject: Re: [funsec] Month of Kernel Bugs - day 1
>
> On Wed, 01 Nov 2006 10:41:17 CST, Gadi Evron said:
> > And don't anyone dare speak against HD Moore. He is the reason you are 
> > all more secure these days. Not less so.
>
> Amen to that - fire up Metasploit, build and launch something, and then
> mention that *every* hacker has a copy.  Makes even the most recalcitrant
> user curl up like a breaded prawn and want to go home and patch patch patch
> ;)
>
> (That, and Metasploit building blocks are an *incredible* reference if
> you're building *other* tools to look for either exploits or payloads. ;)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.