Information Security News mailing list archives

RE: InfoSec 2003: 'Zero-day' attacks seen as growing threat


From: InfoSec News <isn () c4i org>
Date: Tue, 16 Dec 2003 05:34:14 -0600 (CST)

Forwarded from: Pete Lindstrom <petelind () comcast net>

That is of course the paradox here, but one would think that over time
there would be much more specific information (i.e. real evidence, not
the typical "if I told you I'd have to kill you" nudge, nudge, wink,
wink b.s.) about zero-day attacks after they happened.

AFAIK, the only zero-days that have been identified after the fact
(which by definition is the only way we can identify them) are the
WebDAV exploit earlier this year and Dave Aitel's Real Server exploit.
I would love to add to this list of zero-days that we eventually found
out about if anyone has first-hand accounts...

FYI, I define zero-day exploits as exploits that were used to actually
compromise a system ("in the wild") before the vulnerability was known
to exist by most security professionals (not published on public
security mailing lists - CERT, Bugtraq, Full Disclosure, Vendors,
etc.). Any past examples out there?

I don't agree with your last statement that very few things will pick
up something awry - the really smart security folks are working with
honeypots, IDS solutions, and other network monitoring solutions to do
just that. This is an area that requires much more attention and
intelligence - rather than beating on an application looking for new
vulnerabilities.

Pete

Pete Lindstrom, CISSP
Research Director
Spire Security, LLC
www.spiresecurity.com
(w) 610-644-9064
 

-----Original Message-----
From: owner-isn () attrition org 
[mailto:owner-isn () attrition org] On Behalf Of InfoSec News
Sent: Monday, December 15, 2003 6:14 AM
To: isn () attrition org
Subject: Re: [ISN] InfoSec 2003: 'Zero-day' attacks seen as 
growing threat 

Forwarded from: "Jack Whitsitt (jofny)" <xaphan () violating us>

Although they have been seen as a major security threat for some
time, there haven't yet been any major zero-day attacks.

...That anyone has noticed and have also been allowed to report.
You'd think someone would mention that due to the fact that they're
unpatched and unknown, nothing (well, very few things) will pick up
that something is awry.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

