Dailydave mailing list archives
Re: The Week of Oracle Database Bugs
From: dan () geer org
Date: Tue, 21 Nov 2006 18:50:42 -0500
Joel Eriksson writes: | | Vulnerabilities are often known and (ab)used long before they | are publicly known. It's the existence of a security bug that | is the real danger, not whether the bug is known by the public | at large, by a small group or by noone (so far). Actually, the | bug can do far more damage during the time it's known only by | a few. | I will assume, then, that you agree the conservative position for the researcher to take is that any vuln s/he discovers is always a re-discovery, that no one here ever discovers anything truly new? If so, would you have any good ideas on how to confirm this fact? Is the HoneyMonkey web crawling the best we have or could have? Is there some kind of, shall we say, blotter paper that we could use to record take overs of random sorts that are otherwise unexplained until such time as some research later re-discovers the vuln that was used? In criminal cases, one stores DNA in the hopes of someday finding a match. Is there any analog in our world here to that meme? --dan _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- The Week of Oracle Database Bugs Cesar (Nov 20)
- Re: The Week of Oracle Database Bugs Evgeny Legerov (Nov 21)
- <Possible follow-ups>
- Re: The Week of Oracle Database Bugs ¯`· . _The Sun_ . ·´¯ (Nov 20)
- Re: The Week of Oracle Database Bugs Joel Eriksson (Nov 21)
- Re: The Week of Oracle Database Bugs dan (Nov 22)
- Re: The Week of Oracle Database Bugs Joanna Rutkowska (Nov 22)
- Re: The Week of Oracle Database Bugs dan (Nov 22)
- Re: The Week of Oracle Database Bugs pageexec (Nov 24)
- Re: The Week of Oracle Database Bugs Dave Aitel (Nov 27)
- Re: The Week of Oracle Database Bugs Jared DeMott (Nov 27)
- Re: The Week of Oracle Database Bugs sinan . eren (Nov 27)
- Re: The Week of Oracle Database Bugs Jared DeMott (Nov 27)
- Re: The Week of Oracle Database Bugs Dude VanWinkle (Nov 29)
- Re: The Week of Oracle Database Bugs Jeremiah Johnson (Nov 29)
- Re: The Week of Oracle Database Bugs Curt (Nov 29)
- Re: The Week of Oracle Database Bugs Joel Eriksson (Nov 21)