Dailydave mailing list archives

Re: New presentation is up: 0days: How hacking really works


From: "Hamid . K" <elite_netbios () yahoo com>
Date: Tue, 1 Feb 2005 14:07:17 -0800 (PST)

Hi

I know I'm almost a kid in a group of you experienced
people, but

as far as I followed the opinions and the presentation
itself, your focus is on these items:
patched/unpatched
protected/not protected

I agree that this patched/protected mix is useless
in most cases. We use IPS, 24x7 patch management,
firewalls. But how much have you counted on hardening?
If it's possible to use 0days, even your brand
intelligent IPS won't help you, not that magic IBM
patch pixie, not even your tight ACLs on firewalls.
The truth is that the intruder/penetrator gained access to
at least one system, and s/he would try to elevate
access to system and network.

I believe force and attention should be paid in the right
place, and that's the entry point, which is provided by
0days in most cases (skipping insecure
design/management). As there is no way to
know/defeat these 0days, we should
just try to limit them and make them hard to use.
I'm not talking about very special situations, but in
most cases it's much easier to stop execution of an
unknown 0day than to stop an intruder while he has gained
access and tries to elevate privilege. Taking care of
one PaX or stack-defender-like system and its flaws
is MUCH easier than watching released 0days for every
single service you're running in your network, IMO.


regards
hamid kashfi
