Dailydave mailing list archives
Re: Exploits matter.
From: c0lists <lists () carnal0wnage com>
Date: Wed, 7 Oct 2009 19:35:51 -0400
On Wed, Oct 7, 2009 at 2:39 PM, security curmudgeon <jericho () attrition org>wrote:
On Wed, 7 Oct 2009, dave wrote: : This raises an interesting question. What is a "public" exploit? Buying : CANVAS costs less than four thousand dollars and is (thankfully :>) a : reasonably common thing for companies to have. If a working, 100% : reliable exploit is in the hands of the ten thousand people who care, : shouldn't that be considered "public"? : : It just seems weird to me that all the news articles on SMBv2 focus so : much on whether or not you can download a working version of the exploit : over the Internet, when all the people who could actually do anything : with it already had it. Ten thousand or not, I cannot download the exploit from Immunity's web site, milw0rm or anywhere else, correct? To me, and to OSVDB who tracks that metric, that is flagged as 'rumored/private'.
Then perhaps someone should update OSVDB to include "for pay" exploits/tools as a category just like bugtraq/bid does with comments. Because all those databases are incomplete it would be nice if "someone" would start putting that information in their db to say immunity has the exploit or core impact has the exploit. there is a big difference (to me) between rumored/private and for pay. -CG
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Exploits matter. dave (Oct 06)
- Re: Exploits matter. dan (Oct 07)
- Re: Exploits matter. dave (Oct 07)
- Re: Exploits matter. Matt Olney (Oct 07)
- Re: Exploits matter. Fuzzy Hoodie-Monster (Oct 08)
- Re: Exploits matter. Matt Olney (Oct 09)
- Re: Exploits matter. dave (Oct 07)
- Re: Exploits matter. Tom Parker (Oct 07)
- Re: Exploits matter. security curmudgeon (Oct 07)
- Re: Exploits matter. c0lists (Oct 07)
- Re: Exploits matter. security curmudgeon (Oct 07)
- Re: Exploits matter. c0lists (Oct 07)
- Re: Exploits matter. Matthew Wollenweber (Oct 08)
- Re: Exploits matter. dan (Oct 07)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 22)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 08)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 08)
- Re: Exploits matter. Tom Parker (Oct 08)
- Re: Exploits matter. alexm (Oct 08)
- Re: Exploits matter. vincent hinderer (Oct 08)
- Re: Exploits matter. security curmudgeon (Oct 08)