Dailydave mailing list archives
Re: Neal Stephenson, the EFF and Exploit Sales
From: "Adriel T. Desautels" <adriel () netragard com>
Date: Tue, 14 Aug 2012 17:21:55 -0400
Actually it's not apples and oranges. Most people are stunned when they hear that only 0.12% of compromises are attributed to 0-day vulnerabilities. They are even more stunned when they find out that only 6% of malware infections are attributed to the use of general exploits (non-zeroday). The point is, there are much bigger issues at hand that need to be addressed like the fact that 90% of all compromises in 2011 were attributed to vulnerabilities that had been in public domain for over one year. How can anyone expect to protect themselves from zero-days if they can't protect themselves from known issues for which patches / fixes already exist?

On 8/14/12 5:13 PM, Michal Zalewski wrote:
http://pentest.netragard.com/2012/08/13/selling-zero-days-doesnt-increase-your-risk-heres-why/

I think it's apples and oranges. A vast majority of compromises happen due to user error, software design errors, or inadequate patching, and nobody in their right mind contests that. 0-day vulnerabilities surface in a variety of high-profile cases, and they are not a direct threat to most of the users. Which doesn't make them a non-issue - in fact, they are a huge practical issue in some settings.

/mz