funsec mailing list archives
Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs
From: Dan Kaminsky <dan () doxpara com>
Date: Wed, 31 Mar 2010 12:19:32 -0400
On Wed, Mar 31, 2010 at 12:10 PM, <Valdis.Kletnieks () vt edu> wrote:
On Wed, 31 Mar 2010 12:02:41 EDT, Dan Kaminsky said:Yes, because if there's one thing people love to do, it's develop exploits for patched vulnerabilities.Said exploits work really great against unpatched machines, of which there are far too many.
You know what *also* works really great against unpatched machines? Unpatched vulnerabilities. At the point you have the skill level to extract vulns from a binary diff, you arguably have the skill level (and the pocket vulns) to prefer not to. Of course this only applies to attack surfaces that have achieved predator satiation (enough bugs that an attacker doesn't need to desperately hunt down new ones -- aka the Cicada strategy).
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 28)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs disco jonny (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs disco jonny (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Dan Kaminsky (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Valdis . Kletnieks (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Dan Kaminsky (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs disco jonny (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Blue Boar (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs disco jonny (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Craig Schmugar (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Nick FitzGerald (Mar 31)