Dailydave mailing list archives
MySQL 5.5.20 0day
From: Alex McGeorge <alexm () immunityinc com>
Date: Thu, 23 Feb 2012 16:22:49 -0500
List, Who doesn't love a practical example? There's been some hype and fuss on the internet recently about the exploit market [1]. And while I disagree with a few points made in that article it has lead me to have some pretty good conversations on some of the ethical considerations of buying and selling exploits. I've noted a lot of folks fall back to the "exploits are like guns" analogy which works pretty well as long as you don't push it too far. Dave's RSA talk of course takes issue with calling exploits cyber weapons which works against that analogy. There's a lot of room for discussion, the challenge is making it productive. So here's our practical example. Our friends over at Intevydis have released VulnDisco Professional 9.17 which contains a remote pre-auth 0day for MySQL 5.5.20. You can purchase access to that Intevydis CANVAS module by sending email to admin () immunityinc com and requesting a quote. There's a release announcement on the CANVAS list [2] but most of the good information can be found in the short movie we did here: http://partners.immunityinc.com/movies/VD-MySQL-5_5_20.mov Cheers, -AlexM [1] http://www.zdnet.com/blog/security/0-day-exploit-middlemen-are-cowboys-ticking-bomb/10294 [2] https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html -- Alex McGeorge Immunity Inc. 1130 Washington Avenue 8th Floor Miami Beach, Florida 33139 P: 786.220.0600 _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com http://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- MySQL 5.5.20 0day Alex McGeorge (Feb 23)