
Dailydave mailing list archives
How do I defend against 0day?
From: Jeffrey Czerniak <jeffcz () gmail com>
Date: Sun, 19 Apr 2009 16:55:09 -0400
(Moved this conversation to dailydave per Dave's suggestion)

Pardon my naivete... I am somewhere on the spectrum between "paid security professional" and "Symantec said zero infections, how did they get my bank password?" I'm one of those schmoes who reads security blogs, follows the NSA hardening guidelines, patches regularly, browses with Firefox/NoScript, but still realizes that there are 0day threats out there that could compromise my machine.

On Twitter, Adam Shostack argued that in effect, I'm doing the right thing. (http://twitter.com/adamshostack/status/1527933467) Dave responded, no, 0day is rampant and I'm screwed. (http://twitter.com/daveaitel/status/1553055665) When I asked Dave what I should be doing to protect myself, he suggested I buy a copy of CANVAS, an Early Updates subscription, and take a class from Immunity. (http://twitter.com/daveaitel/status/1554813723)

I have a couple of questions now. One, how do I put up a reasonable defense against 0day vulnerabilities? Two, how does purchasing a bunch of 0day from Immunity help me reach that goal? It seems like the purchase of CANVAS Early Updates would bring me from "I am certainly vulnerable to undefined 0day threats, and don't know how to protect myself" to "I now know about dozens of specific vulnerabilities in the software I use, and am scared shitless". Does CANVAS Early Updates come with a live dynamic binary patching system that protects me from the threats you've found? Otherwise, I don't know why I'd buy CANVAS since I'm not interested in hacking into other people's computers, and the non-disclosure agreement I'd have to sign would prevent me from disclosing those vulnerabilities to the vendors, thus I'm not really any safer.

Let me ask this question from another perspective: let's say I won the lottery tomorrow and bought an Early Updates subscription. Certainly the IP I'd be buying access to is valuable to Immunity and you don't want it shared with vendors or your competition. What security precautions would you insist I take on the machine I stored that IP on?

Thanks for reading this,
Jeff
geekable.com