Dailydave mailing list archives
WMF and the Windows Vulnerability Drought :>
From: Dave Aitel <dave () immunityinc com>
Date: Mon, 02 Jan 2006 16:20:26 -0500
So I'm not sure why Sans Diary has people calling HD Moore irresponsible, when all he did was point out the brutally obvious: You can't write reliable network IDS signatures for these client side bugs. If it's going to annoy you a lot when people pad the exploit to match an MTU header, then it's going to REALLY annoy you when we set our MTU size to be 40 bytes, and use tiny HTTP Chunks for a Gzipped file over SSL after doing several prior null requests.

I haven't done a lot of testing with commercial IDSs, but I can pretty much guarantee signature based IDS isn't going to find Immunity's version. That probably goes for other people writing exploits that Sans isn't able to get their hands on.

And you don't want a patch (although kudos to Ilfak for writing one!) - you want code to be designed securely when it gets delivered to you. Relying on a patch just means you've been owned for the past 5 years without knowing it.

When people in this industry call other people irresponsible, what they usually mean is they're upset for getting hit over the head with a clue-stick.

-dave