Dailydave mailing list archives

Re: A change


From: "Menerick, John" <jmenerick () netsuite com>
Date: Thu, 21 Jan 2010 09:17:48 -0800

Comments inline

On Jan 20, 2010, at 2:04 PM, Jim Manico wrote:

Hello DD,

Is the recent ie6 0-day anything special?

Not really.  Not as special as the NT <-> Win 7 issue recently highlighted.

How many similar 0-days are
for sale on the black market?

Quite a few.

What is the rate/difficulty for discovery
of new windows-based 0-days for the common MS and Adobe products that
are installed on almost every corporate client? (I heard Dave mention
that discovery is getting more difficult)?

Not terribly difficult for someone who is dedicated.  Then again, my idea of difficult is much different from the avg. person.

How easy is discovery for
someone with resources like the Chinese government?

Much simpler.

How bad is it really?

Look at the CVSSv2 score and adjust it to the environments where you determine "how bad it is."  It could be much worse.

I suspect we are just looking at one grain of sand in a beach of
0-days....

Correct.  No one wants to let everyone else know what cards they hold in their hand, the tools in their toolbox, etc....



John Menerick
http://securewebappsec.com




-- 
Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager
http://www.manico.net


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
