Full Disclosure mailing list archives
Re: unreliable vulnerability reports en-masee [was:Re: vulnerability in Symantec products]
From: "Dave \"No, not that one\" Korn" <davek_throwaway () hotmail com>
Date: Tue, 31 Oct 2006 20:40:49 -0000
Gadi Evron wrote:
Nothing really surprises me anymore. The quality of advisories and QA people do seems to be dropping, especially when it comes to File Inclusions. The level of false positives posted in the last couple of weeks is staggering. Folks use Google Code Search to find vulns, and don't notice they are fixed 3 lines above the "bug" and that three lines below, there is another one. Last week, one of these File Inclusion vulns worked only if you disabled two security functions that work by default...
Up to this day, vulnerabilities and exploits would be researched to a level, and released AS-IS. This is fast becoming impracticle.
If the S/N ratio of ADVISORIES rather than ML traffic becomes even lower due to unreliable submissions, our jobs will indeed become much, much harder.
:) Perhaps the antisec/bantown crew have developed a new strategy to try and shut-down FD by flooding it with useless-but-valid-seeming information? Just as spammers have moved on from random hashbuster strings to including chunks of real english text from news reports and books, so the antisec posters have moved on from furry pr0n and gay lames to real-yet-wrong bug reports. Subtle, you'll never get even a really good bayesian filter to discriminate between valid and bogus bug reports! cheers, DaveK -- Can't think of a witty .sigline today.... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- unreliable vulnerability reports en-masee [was:Re: vulnerability in Symantec products] Gadi Evron (Oct 30)
- Re: unreliable vulnerability reports en-masee [was:Re: vulnerability in Symantec products] Dave "No, not that one" Korn (Oct 31)