Full Disclosure mailing list archives
Re: 0day: PDF pwns Windows
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 25 Sep 2007 09:49:46 -0500 (CDT)
On Tue, 25 Sep 2007, Jason wrote:
You present a valid position but fall short of seeing the whole picture. As an attacker, nation state or otherwise, my goal being to cripple communications, 0day is the way to go. Resource exhaustion takes resources, something the 0day can deprive the enemy of. Knocking out infrastructure with attacks is a far more effective strategy. You can control it's timing, launch it with minimal resources, from anywhere, coordinate it, and be gone before it can be thwarted. The botnet would only serve as cover while the real attack happens. I am more inclined to believe that botnets in use today really only serve as cover, thuggish retribution, and extortion tools, not as effective tools of warfare. No real warfare threat would risk exposing themselves through the use of or construction of a botnet.
There is a difference between Sun Tsu-like stealth and civil war-like "throw bodies at it". I quite agree 0days would be important tools, but not necessarily the only tool. Then, it would only be a fascilitating technology. A known vulnerability is also useful in many cases. About botnets, they are at the very heart of the matter--not necessarily for being used in this fashion, but rather because the Internet is perfect for plausible deniability, and then, of course, there is the matter of a /fifth column/, inside your network. Gadi. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: 0day: PDF pwns Windows, (continued)
- Re: 0day: PDF pwns Windows Lawrence Paul MacIntyre (Sep 25)
- Re: 0day: PDF pwns Windows Crispin Cowan (Sep 25)
- Re: 0day: PDF pwns Windows J. Oquendo (Sep 25)
- Re: 0day: PDF pwns Windows Jason (Sep 25)
- Re: 0day: PDF pwns Windows J. Oquendo (Sep 25)
- Re: 0day: PDF pwns Windows Valdis . Kletnieks (Sep 25)
- Re: 0day: PDF pwns Windows Gadi Evron (Sep 25)
- Re: 0day: PDF pwns Windows Jason (Sep 25)
- Re: 0day: PDF pwns Windows North, Quinn (Sep 25)
- Re: 0day: PDF pwns Windows Steven Adair (Sep 25)
- Re: 0day: PDF pwns Windows Gadi Evron (Sep 25)
- Re: 0day: PDF pwns Windows Iggy E (Sep 25)
- Re: 0day: PDF pwns Windows Geo. (Sep 21)
- Re: 0day: PDF pwns Windows silky (Sep 22)
- Re: 0day: PDF pwns Windows Eduardo Tongson (Sep 22)
- Re: 0day: PDF pwns Windows cocoruder . (Sep 25)
- Re: 0day: PDF pwns Windows h4h (Sep 21)
- Re: 0day: PDF pwns Windows Tremaine Lea (Sep 21)