funsec mailing list archives
RE: Month of Kernel Bugs - day 1
From: "Craig Schmugar" <craig () getvirushelp com>
Date: Thu, 2 Nov 2006 13:01:50 -0800
[Gadi] You know how insecure you are, and what you need to protect yourself. What programs to use, what not to use. What IDS signatures you may need, and what vendor you need to preasure. [Craig] My point is that the majority of the Internet will not know (and subsequently not protect themselves, and not pressure the vendor -- most aren't equipped to do so anyway). [Gadi] Many of these have exploit code in the hands of bad people, so YES, we will see worms using this as a direct result, but we will also no longer see many directed attacks using them. [Craig] Have to disagree there. WMF, createTxtRange, MS06-040 etc were abused much more after exploit code was readily available and Blaster and Sasser may never have existed if exploit wasn't so public. I am not saying that hackers don't exploit unpublished vuln, of course they do, but the number of victims and amount of damage jumps exponentially once that exploit is readily available. And I can't endorse irresponsible disclosure. One of the arguments for irresponsible disclosure is that certain vendors won't release a patch or will take too long to release a patch without it. However, when you have 0-day threats like CVE-2005-0944 that have remained unpatched for more than 18 months (Ok, maybe this isn't your average 0-day response), you have to wonder how strong that argument is anymore [and I use this example as it's still an actively exploited remote code execution vulnerability]. Craig -----Original Message----- From: Gadi Evron [mailto:ge () linuxbox org] Sent: Thursday, November 02, 2006 12:13 AM To: Craig Schmugar Cc: 'Fergie'; funsec () linuxbox org Subject: RE: [funsec] Month of Kernel Bugs - day 1 On Wed, 1 Nov 2006, Craig Schmugar wrote:
As an educated consumer: yes.Then I'll add the word "all" to my statement [I might question the phrase "these days" in Gadi's statement "you are all more secure these days"] all <> "educated consumer"
Erm, all more secure these days, as a statement, links back to my previous words in that paragraph/text. Why do you disagree, let's open it for discussion.
Craig -----Original Message----- From: Fergie [mailto:fergdawg () netzero net] Sent: Wednesday, November 01, 2006 8:02 PM To: craig () getvirushelp com Cc: funsec () linuxbox org Subject: RE: [funsec] Month of Kernel Bugs - day 1 As an educated consumer: yes. - ferg -- "Craig Schmugar" <craig () getvirushelp com> wrote: Patch patch patch? What patch? Last time I checked there were 2 or maybe 3 patches available for the 25 IE-related MoBB issues (from July). So, I might question the phrase "these days" in Gadi's statement "you are all more secure these days" Craig -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Valdis.Kletnieks () vt edu Sent: Wednesday, November 01, 2006 10:02 AM To: Gadi Evron Cc: FunSec [List] Subject: Re: [funsec] Month of Kernel Bugs - day 1 On Wed, 01 Nov 2006 10:41:17 CST, Gadi Evron said:And don't anyone dare speak against HD Moore. He is the reason you are all more secure these days. Not less so.Amen to that - fire up Metasploit, build and launch something, and then mention that *every* hacker has a copy. Makes even the most recalcitrant user curl up like a breaded prawn and want to go home and patch patch patch ;) (That, and Metasploit building blocks are an *incredible* reference if you're building *other* tools to look for either exploits or payloads. ;) -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Month of Kernel Bugs - day 1, (continued)
- Re: Month of Kernel Bugs - day 1 Gadi Evron (Nov 01)
- Re: Month of Kernel Bugs - day 1 Dude VanWinkle (Nov 01)
- Re: Month of Kernel Bugs - day 1 Valdis . Kletnieks (Nov 01)
- RE: Month of Kernel Bugs - day 1 Craig Schmugar (Nov 01)
- RE: Month of Kernel Bugs - day 1 Gadi Evron (Nov 02)
- Re: Month of Kernel Bugs - day 1 Valdis . Kletnieks (Nov 02)
- Re: Month of Kernel Bugs - day 1 Dude VanWinkle (Nov 01)
- Re: Month of Kernel Bugs - day 1 Gadi Evron (Nov 01)
- RE: Month of Kernel Bugs - day 1 Fergie (Nov 01)
- RE: Month of Kernel Bugs - day 1 Craig Schmugar (Nov 01)
- RE: Month of Kernel Bugs - day 1 Gadi Evron (Nov 02)
- RE: Month of Kernel Bugs - day 1 Craig Schmugar (Nov 02)
- RE: Month of Kernel Bugs - day 1 Gadi Evron (Nov 02)
- RE: Month of Kernel Bugs - day 1 Craig Schmugar (Nov 03)
- RE: Month of Kernel Bugs - day 1 Gadi Evron (Nov 04)
- RE: Month of Kernel Bugs - day 1 Craig Schmugar (Nov 01)
- RE: Month of Kernel Bugs - day 1 Gadi Evron (Nov 02)
- Re: Month of Kernel Bugs - day 1 Dude VanWinkle (Nov 02)