Re: unreliable vulnerability reports en-masee [was:Re: vulnerability in Symantec products]

["Dave \"No, not that one\" Korn" <davek_throwaway () hotmail com>]

Gadi Evron wrote:

> Nothing really surprises me anymore. The quality of advisories and QA
> people do seems to be dropping, especially when it comes to File
> Inclusions. The level of false positives posted in the last couple of
> weeks is staggering.
>
> Folks use Google Code Search to find vulns, and don't notice they are
> fixed 3 lines above the "bug" and that three lines below, there is
> another one.
>
> Last week, one of these File Inclusion vulns worked only if you
> disabled two security functions that work by default...

> Up to this day, vulnerabilities and exploits would be researched to a
> level, and released AS-IS. This is fast becoming impracticle.

> If the S/N ratio of ADVISORIES rather than ML traffic becomes even
> lower
> due to unreliable submissions, our jobs will indeed become much, much
> harder.

  :)  Perhaps the antisec/bantown crew have developed a new strategy to try 
and shut-down FD by flooding it with useless-but-valid-seeming information? 
Just as spammers have moved on from random hashbuster strings to including 
chunks of real english text from news reports and books, so the antisec 
posters have moved on from furry pr0n and gay lames to real-yet-wrong bug 
reports.  Subtle, you'll never get even a really good bayesian filter to 
discriminate between valid and bogus bug reports!

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/