Dailydave mailing list archives

Re: A change


From: "Rodrigo Rubira Branco (BSDaemon)" <rodrigo () kernelhacking com>
Date: Tue, 26 Jan 2010 19:41:52 -0200

Hey Ben,

As usual I believe you made really good points...

> Seeing which bugs are exploitable: Using a naive approach, this scales
> horribly poorly with money - non-linearly, to put it mildly. (...) but I don't know of anyone that has a great
> result in the area yet - I'd love to be corrected.

Well, I'm also working on that as you know, since we are basically
analyzing the same data ;) and the results are really far from good.
So, from the effort I'm also putting into this, I hope nobody will correct
you ;)

> Creating nice, reliable exploits: I'd assert that this is like the
> previous point, but even harder. To be honest, it's not really my
> thing, so probably one of the people that write exploits for a living
> would be better to comment, but from talking to those kind of guys,
> it's often a very long road from 'woo we control ebx' to reliable
> exploitation, especially against modern OSes and modern software that
> has lots of stuff built in to make your life harder.
So here you have it... With those systems almost every vulnerability is a
new, completely different story.  The tools are evolving to automate
some of the manual work, and as you know we have access to really great
tools, but they are far from being an automation.  I strongly doubt reliable
exploits will be blowing out of fuzzers in the next few years, so I completely
agree it does not scale very well.  Even more if you add to that the
experience needed from previous vulnerabilities analyzed, the ways people
used to get around some limitations, and so forth.  Many sources, so the learning
period nowadays is really long.  Also, the learning period is increased
due to the actual complexity - it's hard for the novice to practice and
have fun.


> So, while I think that 'simpler' is certainly unassailable, I would
> need more than a two word assertion to be convinced that it is 'much'
> simpler. If you give one team a million dollars and 100 people
> selected at random from the top 10% graduating computer science and
> you give the other team their pick of any 4 researchers in the world
> and 3 imacs, whom does the smart money think will produce more weapons
> grade 0day after 6 months?


I bet it is the group of 4... Even more when I think about the classes I
had at university... hehehe, kidding teachers, you were great...



Regards,


Rodrigo (BSDaemon).


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

