Dailydave mailing list archives
Re: lots of monkeys staring at a screen....security?
From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Mon, 30 Oct 2006 15:38:49 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10/29/06, Joanna Rutkowska <joanna () invisiblethings org> wrote:Kevin Johnson wrote:Part of any defense is the ability to detect when things fail. I think that we want to throw out technology because it doesn't do everything. I see every day systems being attacked by simplistic old attacks that IDS systems can warn you about.I might be missing something, but I really don't get why we should care about all those "simplistic old attacks" - shouldn't we already be immune to them? joanna.
hey, let's do the bottom-posting, shall we? ;)
David Maynor wrote:No, everytime somebody does a fresh install of Windows 2000 for some project and doesn't update to the current patch levels you can be hit by those same old attacks. Alot of people forget that not every company in the world is focused on security and as long as something works doing things like applying patches or upgrading to the latest versions is not the most important thing.
That's the point! So many people think that they can be lazy with patching because they have an IDS/IPS which is going to protect them... But the ID/PS is usually capable of blocking only known exploits for a particular bug. So, in fact, it doesn't even protect them against the old vulnerabilities being exploited, only against the old, unmodified exploits. Not to mention tricks, like Dave's "covertness bar" :) joanna. -----BEGIN PGP SIGNATURE----- iD8DBQFFRg54ORdkotfEW84RAuJMAKCPZV0fw8Fl8QyanmOjwfDiQHp6IgCfQ5tK 5RcEMX5fYTEmeC28LNddXKI= =EZdt -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: lots of monkeys staring at a screen....security?, (continued)
- Re: lots of monkeys staring at a screen....security? Thomas Ptacek (Oct 29)
- Re: lots of monkeys staring at a screen....security? Gadi Evron (Oct 29)
- Re: lots of monkeys staring at a screen....security? David Maynor (Oct 29)
- Re: lots of monkeys staring at a screen....security? Florian Weimer (Oct 29)
- Re: lots of monkeys staring at a screen....security? Paul Wouters (Oct 27)
- Re: lots of monkeys staring at a screen....security? Blue Boar (Oct 27)
- Re: lots of monkeys staring at a screen....security? Florian Weimer (Oct 29)
- Re: lots of monkeys staring at a screen....security? Kevin Johnson (Oct 29)
- Re: lots of monkeys staring at a screen....security? Joanna Rutkowska (Oct 29)
- Re: lots of monkeys staring at a screen....security? David Maynor (Oct 29)
- Re: lots of monkeys staring at a screen....security? Joanna Rutkowska (Oct 30)
- Re: lots of monkeys staring at a screen....security? Ross Brown (Oct 31)
- Re: lots of monkeys staring at a screen....security? Jan Münther (Oct 29)
- Re: lots of monkeys staring at a screen....security? dmc (Oct 30)