funsec mailing list archives
Re: Month of Kernel Bugs - day 1
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Thu, 2 Nov 2006 23:22:08 -0500
looks like Aviram took care of that one nicely Gartner is wrong again, as usual ;-) On 11/2/06, Gadi Evron <ge () linuxbox org> wrote:
There is a gartner analyst arguing the point on my blog post. Anyone who can go chirp in? http://blogs.securiteam.com/index.php/archives/712 On Thu, 2 Nov 2006, Craig Schmugar wrote: > [Gadi] You know how insecure you are, and what you need to protect yourself. > What programs to use, what not to use. What IDS signatures you may need, and > what vendor you need to preasure. > > [Craig] My point is that the majority of the Internet will not know (and > subsequently not protect themselves, and not pressure the vendor -- most > aren't equipped to do so anyway). > > [Gadi] Many of these have exploit code in the hands of bad people, so YES, > we will see worms using this as a direct result, but we will also no longer > see many directed attacks using them. > > [Craig] > Have to disagree there. WMF, createTxtRange, MS06-040 etc were abused much > more after exploit code was readily available and Blaster and Sasser may > never have existed if exploit wasn't so public. > > I am not saying that hackers don't exploit unpublished vuln, of course they > do, but the number of victims and amount of damage jumps exponentially once > that exploit is readily available. And I can't endorse irresponsible > disclosure. One of the arguments for irresponsible disclosure is that > certain vendors won't release a patch or will take too long to release a > patch without it. However, when you have 0-day threats like CVE-2005-0944 > that have remained unpatched for more than 18 months (Ok, maybe this isn't > your average 0-day response), you have to wonder how strong that argument is > anymore [and I use this example as it's still an actively exploited remote > code execution vulnerability]. > > Craig > > > -----Original Message----- > From: Gadi Evron [mailto:ge () linuxbox org] > Sent: Thursday, November 02, 2006 12:13 AM > To: Craig Schmugar > Cc: 'Fergie'; funsec () linuxbox org > Subject: RE: [funsec] Month of Kernel Bugs - day 1 > > On Wed, 1 Nov 2006, Craig Schmugar wrote: > > > As an educated consumer: yes. > > > > Then I'll add the word "all" to my statement [I might question the > > phrase "these days" in Gadi's statement "you are all more secure these > > days"] > > > > all <> "educated consumer" > > Erm, all more secure these days, as a statement, links back to my previous > words in that paragraph/text. > > Why do you disagree, let's open it for discussion. > > > > Craig > > > > -----Original Message----- > > From: Fergie [mailto:fergdawg () netzero net] > > Sent: Wednesday, November 01, 2006 8:02 PM > > To: craig () getvirushelp com > > Cc: funsec () linuxbox org > > Subject: RE: [funsec] Month of Kernel Bugs - day 1 > > > > As an educated consumer: yes. > > > > - ferg > > > > > > > > -- "Craig Schmugar" <craig () getvirushelp com> wrote: > > > > Patch patch patch? What patch? Last time I checked there were 2 or > > maybe 3 patches available for the 25 IE-related MoBB issues (from July). > > > > So, I might question the phrase "these days" in Gadi's statement "you > > are all more secure these days" > > > > Craig > > > > -----Original Message----- > > From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] > > On Behalf Of Valdis.Kletnieks () vt edu > > Sent: Wednesday, November 01, 2006 10:02 AM > > To: Gadi Evron > > Cc: FunSec [List] > > Subject: Re: [funsec] Month of Kernel Bugs - day 1 > > > > On Wed, 01 Nov 2006 10:41:17 CST, Gadi Evron said: > > > And don't anyone dare speak against HD Moore. He is the reason you > > > are all more secure these days. Not less so. > > > > Amen to that - fire up Metasploit, build and launch something, and > > then mention that *every* hacker has a copy. Makes even the most > > recalcitrant user curl up like a breaded prawn and want to go home and > > patch patch patch > > ;) > > > > (That, and Metasploit building blocks are an *incredible* reference if > > you're building *other* tools to look for either exploits or payloads. > > ;) > > > > > > > > -- > > "Fergie", a.k.a. Paul Ferguson > > Engineering Architecture for the Internet fergdawg(at)netzero.net > > ferg's tech blog: http://fergdawg.blogspot.com/ > > > > _______________________________________________ > > Fun and Misc security discussion for OT posts. > > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > > Note: funsec is a public and open mailing list. > > > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Month of Kernel Bugs - day 1, (continued)
- Re: Month of Kernel Bugs - day 1 Valdis . Kletnieks (Nov 02)
- Re: Month of Kernel Bugs - day 1 Dude VanWinkle (Nov 01)
- RE: Month of Kernel Bugs - day 1 Fergie (Nov 01)
- RE: Month of Kernel Bugs - day 1 Craig Schmugar (Nov 01)
- RE: Month of Kernel Bugs - day 1 Gadi Evron (Nov 02)
- RE: Month of Kernel Bugs - day 1 Craig Schmugar (Nov 02)
- RE: Month of Kernel Bugs - day 1 Gadi Evron (Nov 02)
- RE: Month of Kernel Bugs - day 1 Craig Schmugar (Nov 03)
- RE: Month of Kernel Bugs - day 1 Gadi Evron (Nov 04)
- RE: Month of Kernel Bugs - day 1 Craig Schmugar (Nov 01)
- RE: Month of Kernel Bugs - day 1 Gadi Evron (Nov 02)
- Re: Month of Kernel Bugs - day 1 Dude VanWinkle (Nov 02)