Dailydave mailing list archives

Re: How do I defend against 0day?


From: Jeffrey Czerniak <jeffcz () gmail com>
Date: Mon, 20 Apr 2009 12:02:21 -0400

On Mon, Apr 20, 2009 at 11:37 AM, Halvar Flake <halvar () gmx de> wrote:
> I hope my post is not perceived as horribly rude, and please be aware
> that I do not intend to offend in any way. And apologies up front if I do.
>
> Is this a serious post?

Yes.

On Mon, Apr 20, 2009 at 11:45 AM, Andre Gironda <andreg () gmail com> wrote:
> Every 0-day threat is different.  Imagine telling doctors that they
> can't allow disease, infections, et al. to spread in a dying patient in
> order to determine root-cause (à la House, the TV show).  If you are
> interested in understanding the problem, then you should also be
> interested in "hacking into other people's computers" (or at least
> your own computers).

Ok, I'll accept the premise.  So let's say I buy CANVAS with all the
extra toppings, and use it to hack into my own machine.  From the
self-administered pen test, I discover that I'm vulnerable to x remote
root exploits, and that my browser can be exploited via y different
heap overflows in Firefox.

If I am a rational decision-maker, what do I do with this information?
My first instinct would be to tell the vendors, "fix this stuff
now!"  But according to immunitysec.com, I can't do that since
CANVAS et al. are protected via NDA.

So how do I leverage this new information to make myself safer and/or
more secure?

Jeff
geekable.com