Dailydave mailing list archives
Re: Exploits matter.
From: security curmudgeon <jericho () attrition org>
Date: Wed, 7 Oct 2009 18:39:49 +0000 (UTC)
On Wed, 7 Oct 2009, dave wrote: : This raises an interesting question. What is a "public" exploit? Buying : CANVAS costs less than four thousand dollars and is (thankfully :>) a : reasonably common thing for companies to have. If a working, 100% : reliable exploit is in the hands of the ten thousand people who care, : shouldn't that be considered "public"? : : It just seems weird to me that all the news articles on SMBv2 focus so : much on whether or not you can download a working version of the exploit : over the Internet, when all the people who could actually do anything : with it already had it. Ten thousand or not, I cannot download the exploit from Immunity's web site, milw0rm or anywhere else, correct? To me, and to OSVDB who tracks that metric, that is flagged as 'rumored/private'. Can our industry really put a numeric line on public vs private in the scenario you describe? Do 9,999 CANVAS customers = private, but 10,000 CANAVAS customers = public? .b _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Exploits matter. dave (Oct 06)
- Re: Exploits matter. dan (Oct 07)
- Re: Exploits matter. dave (Oct 07)
- Re: Exploits matter. Matt Olney (Oct 07)
- Re: Exploits matter. Fuzzy Hoodie-Monster (Oct 08)
- Re: Exploits matter. Matt Olney (Oct 09)
- Re: Exploits matter. dave (Oct 07)
- Re: Exploits matter. Tom Parker (Oct 07)
- Re: Exploits matter. security curmudgeon (Oct 07)
- Re: Exploits matter. c0lists (Oct 07)
- Re: Exploits matter. security curmudgeon (Oct 07)
- Re: Exploits matter. c0lists (Oct 07)
- Re: Exploits matter. Matthew Wollenweber (Oct 08)
- Re: Exploits matter. dan (Oct 07)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 22)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 08)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 08)
- Re: Exploits matter. Tom Parker (Oct 08)
- Re: Exploits matter. alexm (Oct 08)
- Re: Exploits matter. vincent hinderer (Oct 08)