Full Disclosure mailing list archives
Re: Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities
From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Sat, 24 Jun 2006 09:40:42 -0700
>> What I am worried about for the moment is milw0rm. That site releases >> an >> average of 6 or 7 zero day exploits a day. It has increased the >> workload I>> have letting our IT folks know about new threats. A lot of these >> vulnerabilities are web/php based but pwn3d is pwn3d.
if you had a clue you would realize that the majority ( my guess is 98% ) of the exploits on Millw0rm are not "0day", but are in fact released after vendor patches
are available. ( mabey str0ke could help with his guess on the percentage ) for those that are released without vendor patches, they are generally due to the fact the the vendor is: 1. not contactable 2. non responsive to the researcher 3. ignorant in cases 2 and 3 ( common ) the researcher releases them to HELP bring theawareness to the vendor and users that "foobar" software is buggy and need be either fixed by the vendor or removed by users and replaced by a better solution.
I suppose you would rather these float around only in the underground and then you would have NO clue as to how you got "pwn3d", possibly you shouldhave gotten into the offensive security side of things so you dont have to worry instead of going for the classic defensive security position you obviously dread.
clue up! MW _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities Gadi Evron (Jun 23)
- Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities David Taylor (Jun 23)
- Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities Gadi Evron (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities David Taylor (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities Gadi Evron (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities David Taylor (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities Gadi Evron (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities Morning Wood (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities Jason (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities Valdis . Kletnieks (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities David Taylor (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities Jason (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities Gadi Evron (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities Jason (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities Morning Wood (Jun 24)
- Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities David Taylor (Jun 23)