Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

What Car Does Dave Drive?

From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Sun, 07 Oct 2007 19:55:48 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you want to know the answer:

http://www.darkreading.com/document.asp?doc_id=135564&WT.svl=news1_2

One thing I don't quite get though:

<quote>
"We'll analyze a random printer DLL you have installed, write an
exploit, and use that on your network," he says, to help companies
better secure their environments.
</quote>

While I greatly respect skills needed to write sophisticated exploits, I
still don't see how exploit writing could be used to secure anything...?

You can, of course, use exploits to test some security products (e.g. an
IPS), but here we're talking about exploits for bugs in some custom
code. Many of us will agree that IPS are useless in this case, almost by
definition, and I think that Dave is one that will agree most eagerly
(search for IDS-related threads on this list). So, testing an IPS
against custom exploits for bugs in the custom code seems pretty much
useless, no?

The question is then: how you convince a client to pay you not only for
code audit (no doubt it's useful) but also to write an exploit for each
bug you find? I *really* would love to know the answer :)

Having said that all, I need to stress that I can't overestimate the
(educational) value of exploit writing for the whole IT security field
- -- one might not be following the latest trends in heaps exploits for
RPC thingis, but if one never wrote and understood an exploit there's
quite a big change that they simply "don't get it all". It's just I
don't see how individual companies would be interested in paying
somebody for preparing "educational material" for other researchers?

joanna.
-----BEGIN PGP SIGNATURE-----

iQEVAwUBRwkdoswG7MOLAMOlAQLddAf8C+woO44zTf08jiQX4w09QxTfekf81IfP
V8fUIb7MiDbtQAGIWGr65eJDS2AEEaPx4BlxUHVQe5pHLKVlzxlUa7J3XVNtLz2V
BCaBtiiNPJK/CZNTdQWtCE97uusrHIEcYGJ7eLH+SkotmAQjEHV2bSxGIpuk4qQw
r9KhAFh9+BgMCINBR9KITVm5QunLTuuCpV7ZuzjSApYfR3Y0nK0Z8pry9FjMtc2D
dCBrXOPXMaRFJ+HoUBE+0ZvRBD1iQb+cXh2UTwUN3KDORS2UqjXS2YbHekwYA8nF
lo+mEbXzhspLLa1ydBijgOL8ge5fOq7jRdecrh4awOE35edrO6SYdQ==
=RcnY
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: