funsec mailing list archives

Re: Month of Kernel Bugs - day 1


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Thu, 2 Nov 2006 23:22:08 -0500

looks like Aviram took care of that one nicely

Gartner is wrong again, as usual ;-)

On 11/2/06, Gadi Evron <ge () linuxbox org> wrote:
There is a Gartner analyst arguing the point on my blog post. Anyone who
can go chirp in?

http://blogs.securiteam.com/index.php/archives/712

On Thu, 2 Nov 2006, Craig Schmugar wrote:

> [Gadi] You know how insecure you are, and what you need to protect yourself.
> What programs to use, what not to use. What IDS signatures you may need, and
> what vendor you need to pressure.
>
> [Craig] My point is that the majority of the Internet will not know (and
> subsequently not protect themselves, and not pressure the vendor -- most
> aren't equipped to do so anyway).
>
> [Gadi] Many of these have exploit code in the hands of bad people, so YES,
> we will see worms using this as a direct result, but we will also no longer
> see many directed attacks using them.
>
> [Craig]
> Have to disagree there.  WMF, createTxtRange, MS06-040 etc were abused much
> more after exploit code was readily available and Blaster and Sasser may
> never have existed if exploit wasn't so public.
>
> I am not saying that hackers don't exploit unpublished vuln, of course they
> do, but the number of victims and amount of damage jumps exponentially once
> that exploit is readily available.  And I can't endorse irresponsible
> disclosure.  One of the arguments for irresponsible disclosure is that
> certain vendors won't release a patch or will take too long to release a
> patch without it.  However, when you have 0-day threats like CVE-2005-0944
> that have remained unpatched for more than 18 months (Ok, maybe this isn't
> your average 0-day response), you have to wonder how strong that argument is
> anymore [and I use this example as it's still an actively exploited remote
> code execution vulnerability].
>
> Craig
>
>
> -----Original Message-----
> From: Gadi Evron [mailto:ge () linuxbox org]
> Sent: Thursday, November 02, 2006 12:13 AM
> To: Craig Schmugar
> Cc: 'Fergie'; funsec () linuxbox org
> Subject: RE: [funsec] Month of Kernel Bugs - day 1
>
> On Wed, 1 Nov 2006, Craig Schmugar wrote:
> > > As an educated consumer: yes.
> >
> > Then I'll add the word "all" to my statement [I might question the
> > phrase "these days" in Gadi's statement "you are all more secure these
> > days"]
> >
> > all <> "educated consumer"
>
> Erm, all more secure these days, as a statement, links back to my previous
> words in that paragraph/text.
>
> Why do you disagree, let's open it for discussion.
> >
> > Craig
> >
> > -----Original Message-----
> > From: Fergie [mailto:fergdawg () netzero net]
> > Sent: Wednesday, November 01, 2006 8:02 PM
> > To: craig () getvirushelp com
> > Cc: funsec () linuxbox org
> > Subject: RE: [funsec] Month of Kernel Bugs - day 1
> >
> > As an educated consumer: yes.
> >
> > - ferg
> >
> >
> >
> > -- "Craig Schmugar" <craig () getvirushelp com> wrote:
> >
> > Patch patch patch?  What patch?  Last time I checked there were 2 or
> > maybe 3 patches available for the 25 IE-related MoBB issues (from July).
> >
> > So, I might question the phrase "these days" in Gadi's statement "you
> > are all more secure these days"
> >
> > Craig
> >
> > -----Original Message-----
> > From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
> > On Behalf Of Valdis.Kletnieks () vt edu
> > Sent: Wednesday, November 01, 2006 10:02 AM
> > To: Gadi Evron
> > Cc: FunSec [List]
> > Subject: Re: [funsec] Month of Kernel Bugs - day 1
> >
> > On Wed, 01 Nov 2006 10:41:17 CST, Gadi Evron said:
> > > And don't anyone dare speak against HD Moore. He is the reason you
> > > are all more secure these days. Not less so.
> >
> > Amen to that - fire up Metasploit, build and launch something, and
> > then mention that *every* hacker has a copy.  Makes even the most
> > recalcitrant user curl up like a breaded prawn and want to go home and
> > patch patch patch
> > ;)
> >
> > (That, and Metasploit building blocks are an *incredible* reference if
> > you're building *other* tools to look for either exploits or payloads.
> > ;)
> >
> >
> >
> > --
> > "Fergie", a.k.a. Paul Ferguson
> >  Engineering Architecture for the Internet  fergdawg(at)netzero.net
> > ferg's tech blog: http://fergdawg.blogspot.com/
> >
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
> >
>

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
