Dailydave mailing list archives

Re: How do I defend against 0day?


From: Nate Lawson <nate () root org>
Date: Mon, 20 Apr 2009 17:36:53 -0700

Jeffrey Czerniak wrote:
> On Mon, Apr 20, 2009 at 11:45 AM, Andre Gironda <andreg () gmail com> wrote:
>> Every 0-day threat is different.  Imagine telling doctors that they
>> can't allow disease, infections, et al to spread in a dying patient in
>> order to determine root-cause (ala House, the TV show).  If you are
>> interested in understanding the problem, then you should also be
>> interested in "hacking into other people's computers" (or at least
>> your own computers).
>
> Ok, I'll accept the premise.  So let's say I buy CANVAS with all the
> extra toppings, and use it to hack into my own machine.   From the
> self-administered pen test, I discover that I'm vulnerable to x remote
> root exploits, and that my browser can be exploited via y different
> heap overflows in Firefox.
>
> If I am a rational decision-maker, what do I do with this information?
>   My first instinct would be to tell the vendors, "fix this stuff
> now!"    But according to immunitysec.com, I can't do that since
> CANVAS et al. are protected via NDA.
>
> So how do I leverage this new information to make myself safer and/or
> more secure?

You find a mitigating approach ("disable JavaScript in PDF readers" or
"switch from Acrobat Reader to Preview" or "add DieHard to PDF reader in
addition to browsers") and apply it to your desktops. Then you re-test
and make sure you've fixed the problem.

If this doesn't make sense to you or sounds too hard, then you're
probably not in an organization where 0-day matters. Relax and wait for
vendor patches that will appear some year.

-- 
Nate