Dailydave mailing list archives
Re: A change
From: "Rodrigo Rubira Branco (BSDaemon)" <rodrigo () kernelhacking com>
Date: Tue, 26 Jan 2010 19:41:52 -0200
Hey Ben, As usual I believe you made really good points...
> Seeing which bugs are exploitable: Using a naive approach, this scales horribly poorly with money - non-linearly, to put it mildly. (...) but I don't know of anyone that has a great result in the area yet - I'd love to be corrected.
Well, I'm also working on that as you know, since we basically are analyzing the same data ;) and the results are really far from being good. So, from the effort I'm also putting into this, I hope nobody will correct you ;)
> Creating nice, reliable exploits: I'd assert that this is like the previous point, but even harder. To be honest, it's not really my thing, so probably one of the people that write exploits for a living would be better to comment, but from talking to those kind of guys, it's often a very long road from 'woo we control ebx' to reliable exploitation, especially against modern OSes and modern software that has lots of stuff built in to make your life harder.
So here you have... With those systems almost every vulnerability is a new, completely different story. The tools are evolving to automate some of the manual work, and as you know we have access to really great tools, but they are far from being automation. I strongly doubt reliable exploits will be blowing out of fuzzers for the next years, so I completely agree it does not scale very well. Even more if you add to that the experience needed from previous vulnerabilities analyzed, ways people used to avoid some limitations, and so forth. Many sources, so the learning period nowadays is really long. Also, the learning period is increased due to the actual complexity - it's hard for a novice to practice and have fun.
> So, while I think that 'simpler' is certainly unassailable, I would need more than a two-word assertion to be convinced that it is 'much' simpler. If you give one team a million dollars and 100 people selected at random from the top 10% graduating computer science and you give the other team their pick of any 4 researchers in the world and 3 imacs, whom does the smart money think will produce more weapons grade 0day after 6 months?
I bet it is the group of 4... Even more when I think about the classes I had at university... hehehe, kidding teachers, you were great...

Regards,

Rodrigo (BSDaemon).

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave