Dailydave mailing list archives
Re: Movies, ponds, and MS08_025.
From: "Stephen John Smoogen" <smooge () gmail com>
Date: Tue, 8 Apr 2008 14:53:25 -0600
On Tue, Apr 8, 2008 at 1:51 PM, Dave Aitel <dave () immunityinc com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Movies: http://www.immunityinc.com/documentation/ms08_025.html
>
> Ah, the fun of a picture that changes over time.
>
> I guess the point with that little flash screencast is: It's not "exploit Wednesday"[1] anymore. Everyone's instinct is to attack the most secure platform - for example, when a patch only affects IE6, people think "whatever", but then I get emails from people whose entire large government organizations are standardized on IE6. So IE6 bugs ARE important, which is nice because it's a much deeper pond to fish in.
>
> - -dave
>
> [1] I really hate that term anyways. It implies that exploits derive from patches, instead of the other way around. It sounds like something Jeff Jones would come up with. :>

Well, there are a bunch of people who only look at what is patched and then use it for their own feeding fests. They are also the ones usually caught/stopped/etc and so it makes it look more like exploits come from patches versus the other. The smart guys who rarely get caught or attention have been using the vulnerability for a lot longer.

Yes, it is quite common that IE6 is in heavy usage.. it's one of the reasons I saw Vista being delayed at a site. All the business tools only work with IE6 and so that is what everyone uses. Some places are trying to limit attack vectors by putting IE6 and god awful old versions of Word in VMs that the users connect to. However, how secure or useful that is.. I am not sure.

As you said, the flashy get the flag in Vista etc is the eye candy that gets reporters, blogs, etc attention. The finding an exploit in a 5-7 year old version of Word gets poo-poo'd but since 80% of your 'moneyed' victims are still using it.. it's what you want (plus you don't grab the attention that might get you busted sooner.)

--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"