Dailydave mailing list archives
Re: A change
From: Haroon Meer <haroon () sensepost com>
Date: Tue, 19 Jan 2010 12:30:09 +0200
Hi Dave (all)

On 15 Jan 2010, at 20:39, dave <dave () immunityinc com> wrote:
> ...... Perhaps the era of IDS and AV and scanners has come to an abrupt end? We can only hope. Everyone says an attack is "sophisticated" whenever any 0day is involved. But that should be the baseline. Or rather, it IS the baseline and everyone seems to just be finding out.
>
> One of the things Immunity has been including in our services but is now offering separately is a client-side 0day penetration test against a single host using CANVAS technology. You get your penetration verified during phone consultation. And you receive real-time analyst interpretation of results, plus delivery of log data at the end. For more information you can contact mark () immunityinc com.

I'm not usually the first person to defend IDS or AV, but contrasted with a "client-side 0day penetration test against a single host" it raises an interesting question..

If we do assume that 0day is the baseline, then surely a test that exposes a host to a subset of 0day (without some sort of *cough* heuristic defence or detection) achieves very little?

Ie. To misuse the quote, I would now know that I can be owned by known (by canvas subscribers) unknowns, but it says nothing new of my education/stance to the unknown unknowns. (If I assumed from the start that 0day was the baseline.. Then I have learned nothing new from this experience.)

If I was using the test to determine how my sandboxing worked, it could make sense. If I was testing to see how my "anti exploitation mechanisms" were working it could make sense. In the absence of any sort of reactive defence, is there value in a semi-automated "click here to get owned by 0day you can't currently defend against" type of service?[1]

[1] Unless of course you are a vendor, and find it cheaper to capture the CANVAS 0day list this way, instead of signing up for a subscription

__
Haroon Meer
haroon () sensepost com
+27 83 786 6637