Dailydave mailing list archives

Opt Out Day


From: dave <dave () immunityinc com>
Date: Wed, 17 Nov 2010 09:23:19 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Immunity used to release 0days quite a bit. Probably the most notable one was
RealServer/HelixServer, which was a reliable remote root in the current media server
of the time.

At some point we stopped doing that, largely because we felt we'd already made our point.

At the same time, today you have to look at all the places getting hacked and think:
"It can't ALL be because of SQL Injection, right?" If you look at Stuxnet and think
"Wow, that absolutely has to be a nation state - 4 0days!" then you've perhaps missed
the point. It's like when people see the CLOUDBURST talk and then go ahead and put
all their data in a public IaaS cloud provider, because, "thank heavens THAT exploit
is gone!"

At the same time, you look at the hoopla around X-ray scanners at the airports (or
"nudey-scans" or whatever you want to call them). (If you're twittering #optoutday
then this means you! :>).

Metal detectors are a WWII technology; they're like the NIDS of physical security. If
Immunity sold a device that neutralized metal detectors, would that make people stop
whining about the slightly better but horribly expensive scanning system now in place
in airports? Who here with a soldering iron, a cell phone, and an electromagnet
doesn't think they can beat them?

- -dave


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkzj5VcACgkQtehAhL0ghepxvACfUjv4yVoyK01c84cK7U4MfyVs
MKIAniYYEmLqVlxon5V5fQANLGa0gS2B
=rdoL
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

