Re: lots of monkeys staring at a screen....security?

[Joanna Rutkowska <joanna () invisiblethings org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> On 10/29/06, Joanna Rutkowska <joanna () invisiblethings org> wrote:
> >
> Kevin Johnson wrote:
> > Part of any defense is the ability to detect when things fail.  I
> > think that we want to throw out technology because it doesn't do
> > everything.  I see every day systems being attacked by simplistic old
> > attacks that IDS systems can warn you about.
>
> I might be missing something, but I really don't get why we should care
> about all those "simplistic old attacks" - shouldn't we already be
> immune to them?
>
> joanna.

hey, let's do the bottom-posting, shall we? ;)

> David Maynor wrote:
> > No, everytime somebody does a fresh install of Windows 2000 for some
> > project
> > and doesn't update to the current patch levels you can be hit by those same
> > old attacks. Alot of people forget that not every company in the world is
> > focused on security and as long as something works doing things like
> > applying patches or upgrading to the latest versions is not the most
> > important thing.

That's the point! So many people think that they can be lazy with
patching because they have an IDS/IPS which is going to protect them...
But the ID/PS is usually capable of blocking only known exploits for a
particular bug. So, in fact, it doesn't even protect them against the
old vulnerabilities being exploited, only against the old, unmodified
exploits. Not to mention tricks, like Dave's "covertness bar" :)

joanna.
-----BEGIN PGP SIGNATURE-----

iD8DBQFFRg54ORdkotfEW84RAuJMAKCPZV0fw8Fl8QyanmOjwfDiQHp6IgCfQ5tK
5RcEMX5fYTEmeC28LNddXKI=
=EZdt
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave