Dailydave mailing list archives

Re: A change


From: alexm <alexm () immunityinc com>
Date: Wed, 20 Jan 2010 01:55:12 -0500


If I was using the test to determine how my sandboxing worked, it  
could make sense. If I was testing to see how my "anti exploitation  
mechanisms" were working it could make sense. In the absence of any  
sort of reactive defence, is there value in a semi-automated "click  
here to get owned by 0day you can't currently defend against" type of  
service?[1]

I think so but in this context it's a corner case. Given a desktop
computer which is part of a corporate network, has no protection
mechanisms other than what is provided via its current updates and it
is in no kind of network or VM sandbox. Essentially, no real protection
at all. Then having an 0day automated test gives you ammunition, in the
form of real and reproducible test results, to demand that some of these
protection mechanisms be put into place. I say corner case because we're
discussing a service Immunity provides and advertised on this list, if
the day-to-day security of a corporation is at the described level I'd
say it's going to be pretty unlikely they'd be reading DD in the first
place :)


This then raises the question that if the sys-admin's gamble works and
security dollars go in their direction but they still get owned after
all the software protections they've asked for are put in place, what
then? How good are your logs and backups?

-AlexM
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

