Dailydave mailing list archives
Opt Out Day
From: dave <dave () immunityinc com>
Date: Wed, 17 Nov 2010 09:23:19 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Immunity used to release 0days quite a bit. Probably the most notable one was RealServer/HelixServer, which was a reliable remote root in the current media server of the time. At some point we stopped doing that, largely because we felt we'd already made our point. At the same time, today you have to look at all the places getting hacked and think: "It can't ALL be because of SQL Injection, right?" If you look at Stuxnet and think "Wow, that absolutely has to be a nation state - 4 0days!" then you've perhaps missed the point. It's like when people see the CLOUDBURST talk and then go ahead and put all their data in a public IaaS cloud provider, because, "thank heavens THAT exploit is gone!" At the same time, you look at the hoopla around X-ray scanners at the airports (or "nudey-scans" or whatever you want to call them). (If you're twittering #optoutday then this means you! :>). Metal detectors are a WWII technology; they're like the NIDS of physical security. If Immunity sold a device that neutralized metal detectors would that make people stop whining about the slightly better but horribly expensive scanning system now in place in airports? Who here with a soldering iron, a cell phone, and an electromagnet doesn't think they can beat them? - -dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkzj5VcACgkQtehAhL0ghepxvACfUjv4yVoyK01c84cK7U4MfyVs MKIAniYYEmLqVlxon5V5fQANLGa0gS2B =rdoL -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Opt Out Day dave (Dec 06)