Dailydave mailing list archives
Re: The strategic difference of 0day
From: Rafal Los <rafal () IsHackingYou com>
Date: Tue, 14 Jun 2011 20:31:14 -0700
Maybe I'm just living too closely to this world but, Dave you already answered your own question. Why slave over nOP sleds and guessing at just the right memory addresses and hoping a system doesn't crash when you can walk right in through the web app and take what you want, or worse, implant yourself I think organizations have "figured out" how to lock down ports after nearly three decades of security people preaching, and since there are much easier ways in...well hell why bother? So in the end I believe the answer is a mixture of risk/reward shift from attacking services and towards readily open applications, and some combination of "black hats keeping their cool 0day secret", too many script kids, and apathy. Raf / Wh1t3Rabbit On Jun 14, 2011, at 7:57 PM, "Anton Chuvakin" <anton () chuvakin org> wrote:
And you find yourself asking: Now how can that possibly be the case?Anybody want to bet whether the bugs died OR the disclosure? :-) -- Dr. Anton Chuvakin Blog: http://www.securitywarrior.org _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- The strategic difference of 0day Dave Aitel (Jun 14)
- Re: The strategic difference of 0day Anton Chuvakin (Jun 14)
- Re: The strategic difference of 0day Rafal Los (Jun 15)
- Re: The strategic difference of 0day Andre Gironda (Jun 15)
- Re: The strategic difference of 0day security curmudgeon (Jun 15)
- Re: The strategic difference of 0day Rafal Los (Jun 15)
- Re: The strategic difference of 0day Robert Lemos (Jun 15)
- Re: The strategic difference of 0day Anton Chuvakin (Jun 14)