WebApp Sec mailing list archives
Re: [Full-disclosure] Anti-Virus vendors prove less-effective
From: "David Kierznowski" <david.kierznowski () gmail com>
Date: Wed, 25 Apr 2007 18:33:50 -0400
James, this is the problem with AV in general and not specific to this problem. detecting the problem & defense in depth mitigates zero-day, however, when very basic code gets past AV this is definitely an area that needs work. 24/04/07, James Matthews <nytrokiss () gmail com> wrote:
How can these people put out a good product against scripts where you can change anything and it will still work! On 4/24/07, David Kierznowski <david.kierznowski () gmail com> wrote: > > Web Backdoor Compilation along with Dancho Danchev AV research has proven > how less-effective many of these products are when detecting web malware. > > The results are certainly not a shocker but definately an eye opener. WBC > has certainly demonstrated what all security researchers already know, this > area needs work! > > See: http://michaeldaw.org/news/news-042407/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- http://www.goldwatches.com/watches.asp?Brand=39 http://www.wazoozle.com
------------------------------------------------------------------------- Sponsored by: WatchfireCross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional XSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA --------------------------------------------------------------------------
Current thread:
- Re: [Full-disclosure] Anti-Virus vendors prove less-effective David Kierznowski (Apr 26)