Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Absolute Sownage (A concise history of recent Sony hacks)

From: Sihan <sihanzheng () gmail com>
Date: Sat, 11 Jun 2011 09:00:50 -0400
On 11/06/2011 2:29 AM, Georgi Guninski wrote:

if you eliminate 95% of the holes, it may be
*effectively* secure, simply because it isn't worth the attacker's time to
fight for the other 5%

wtf?

if someone has working exploit, the probability of breaking is 100% no matter what the constant 95% is claimed to be.

about fighting for 5%: malware like nimbda and code red appear counterexamples -
i suppose they automatically fought for 100% and got what they could get (quite above your 5%).


I tend to think about it this way, everybody knows how to exploit the 
95% of holes, only 5% know how to exploit the last 5% of holes. 
Generally speaking, the last 5% is harder to exploit, or they only exist 
under very specific instances. Or else everyone will know how to exploit 
them

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: