Exploits matter.

[dave <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I spent some time after yesterday's CANVAS release, which included the
SMBv2 CANVAS exploit (Release note here:
https://forum.immunityinc.com/board/thread/39/canvas-release-6-51/ )
looking at exploit statistics. Like Morpheus, I wanted to put some
numbers on a feeling you may have been having.

That feeling is this: Exploits against Windows are hard now.

It takes an average of 3 person-months per exploit now. That's a long
time. Or in other words, that's a lot of money.

But if you are like me, you are thinking "But it's still worth it". And
here's why: Without exploits, you have no way to know what matters. Or,
more realistically, what doesn't matter. I.E. in this case, 64 bit
computers are not going to be exploited with SMBv2 any time soon, of at
all. Since enterprises skipped Vista and use 64 bit for their Windows
2008 servers, SMBv2 didn't hurt as badly as you would expect.

The summary is this: You may think increasing exploit costs is a simply
good thing. But the side effect of relying on mitigations as opposed to
software assurance is that it is getting extremely expensive to avoid
being drowned in the noise.

- -dave






-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkrLUFgACgkQtehAhL0gherhJgCdH0rueH+25i6seTgikS7CE19e
UdwAn1Tf31lo5c9qOs9zk8fdFukSnvNW
=KSMa
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave