Dailydave mailing list archives

Sniping


From: Dave Aitel <dave () immunityinc com>
Date: Fri, 14 Apr 2006 09:14:12 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
So rather than just having every vendor snipe each other on this list,
which is amusing to watch, but like Focus-IDS, gets boring after a
while, I've decided to have a contest. Every major vendor is on this
list, so I'm not going to spam it around. Here it is:

You, the vendor, provide a Virtual Machine, Installer, appliance, or
similar object. I run our new MS06-014 exploit through it and tell
everyone how you did. You can do it whenever you want - obviously the
public will reward promptness with claps and lateness with jeers. You
don't get the exploit until the next CANVAS release, which will
obviously make it a lot easier.

As a side note, one interesting thing about client-side exploits is
that you don't need to have them all to be effective. There's usually
100000 of them and if you just have one reliable one, then you can
ignore the rest. The sole exception is when you're trying to test an
IDS or protective measure of some kind, in which case you need
completeness like any other test.

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iD8DBQFEP6AjtehAhL0gheoRAqcRAJ0aXOsSEKPzvvjDQI5u34Om59B+OgCfYDxR
MSCo6xPv6TlGDhfb+AZZx5g=
=gJS0
-----END PGP SIGNATURE-----

