Dailydave mailing list archives
Re: Exploits matter.
From: Tom Parker <tom () rooted net>
Date: Wed, 7 Oct 2009 11:26:39 -0400
IMO, when it comes to exploits.. as a rule of thumb; if it can be purchased in a non-exclusive manner, or found on the interwebs == public. I suppose you could argue that the second an exploit leaves your system, whether to give away, share with a peer for research purposes, or to sell - it becomes public; however there's obviously an element of subjectivity here. After all, one mans 0day that they just paid for when buying <insert commercial security tool here> is the nexts 180+day. :> On Wed, Oct 7, 2009 at 7:31 AM, dave <dave () immunityinc com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This raises an interesting question. What is a "public" exploit? Buying CANVAS costs less than four thousand dollars and is (thankfully :>) a reasonably common thing for companies to have. If a working, 100% reliable exploit is in the hands of the ten thousand people who care, shouldn't that be considered "public"? It just seems weird to me that all the news articles on SMBv2 focus so much on whether or not you can download a working version of the exploit over the Internet, when all the people who could actually do anything with it already had it. - -dave dan () geer org wrote:> > The summary is this: You may think increasing exploit costs > is a simply good thing. But the side effect of relying on > mitigations as opposed to software assurance is that it is > getting extremely expensive to avoid being drowned in the > noise. > The other side effect is that for exploitable vulnerabilities a rising fraction are privately held as the probability that you will give away something is inversely proportional to what it cost you to obtain it. --dan _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkrMfBwACgkQtehAhL0gherNMwCfQXm3RGhLwk5ETO4DCgw/a257 CA4Aniz2UpfFjt08SWBNvw+UROkO2hup =EizD -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Exploits matter. dave (Oct 06)
- Re: Exploits matter. dan (Oct 07)
- Re: Exploits matter. dave (Oct 07)
- Re: Exploits matter. Matt Olney (Oct 07)
- Re: Exploits matter. Fuzzy Hoodie-Monster (Oct 08)
- Re: Exploits matter. Matt Olney (Oct 09)
- Re: Exploits matter. dave (Oct 07)
- Re: Exploits matter. Tom Parker (Oct 07)
- Re: Exploits matter. security curmudgeon (Oct 07)
- Re: Exploits matter. c0lists (Oct 07)
- Re: Exploits matter. security curmudgeon (Oct 07)
- Re: Exploits matter. c0lists (Oct 07)
- Re: Exploits matter. Matthew Wollenweber (Oct 08)
- Re: Exploits matter. dan (Oct 07)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 22)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 08)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 08)
- Re: Exploits matter. Tom Parker (Oct 08)
- Re: Exploits matter. alexm (Oct 08)