Dailydave mailing list archives
Cows
From: Dave Aitel <dave () immunityinc com>
Date: Mon, 4 Dec 2017 15:08:16 -0500
So for a while it was like being on a treadmill trying to keep up with the security community's technical advances. These days, it's like being a guy on a skateboard while several firemen shoot you with firehoses from different directions. Even staying current on one platform seems impossible for super-experts.

I say this, because I noted someone pointing out that the DirtyCow patch maybe didn't work, and maybe didn't work in an exploitable way. Look, I'll be honest, I didn't even have time to read the analysis yet, and when I'm doing dishes even I've got the phone propped up so I can watch whatever videos HITB released that week. But nobody can keep up. Which is a somewhat new phenomenon really.

I saw people on the Steptoe podcast pointing at this: https://www.recordedfuture.com/chinese-vulnerability-reporting/ report which "shows" that the Chinese have their own version of the VEP, as for some bugs they were demonstrably a lot later than for every other bug.

Here's my point as it relates to policy wonks and the VEP: Nobody has the number of vulnerability researchers on hand who could tell them that THEIR version of DirtyCow was or was not properly patched by the publicly reported patch/vuln. The workload for knowing if any two bugs are the same bug or if any patch actually worked is so much higher than is publicly discussed. I mean, half of Twitter is just Stefan Esser pointing and laughing at Apple's security engineers these days.

-dave