WMF and the Windows Vulnerability Drought :>

[Dave Aitel <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So I'm not sure why Sans Diary has people calling HD Moore
irresponsible, when all he did was point out the brutally obvious: You
can't write reliable network IDS signatures for these client side
bugs. If it's going to annoy you a lot when people pad the exploit to
match an MTU header, then it's going to REALLY annoy you when we set
our MTU size to be 40 bytes, and use tiny HTTP Chunks for a Gziped
file over SSL after doing several prior null requests . I haven't done
a lot of testing with commercial IDS's, but I can pretty much
guarantee signature based IDS isn't going to find Immunity's version.
That probably goes for other people writing exploits that Sans isn't
able to get their hands on.

And you don't want a patch (although kudo's to Ilfak for writing one!)
- - you want code to be designed securely when it gets delivered to you.
Relying on a patch just means you've been owned for the past 5 years
without knowing it.

When people in this industry call other people irresponsible, what
they usually mean is they're upset for getting hit over the head with
a clue-stick.

- -dave

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFDuZkZB8JNm+PA+iURAqx7AKDMjEYuL8Kj72vxcOrWboSrKjybCQCgt9o7
o8x3rPKM1bWYdu1zJC+QwNA=
=QAYr
-----END PGP SIGNATURE-----