Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Absolute Sownage (A concise history of recent Sony hacks)

From: coderman <coderman () gmail com>
Date: Tue, 14 Jun 2011 19:42:37 -0700
On Fri, Jun 10, 2011 at 11:29 PM, Georgi Guninski <guninski () guninski com> wrote:

if you eliminate 95% of the holes, it may be
*effectively* secure, simply because it isn't worth the attacker's time to
fight for the other 5%


wtf?

if someone has working exploit, the probability of breaking is 100% no matter what the constant 95% is claimed to be.


consider it this way: when programming the "weird machine" to do your
bidding some vectors to vuln are context-agnostic and readily
repeatable. (the 95%)

the other 5% are present in the specific configuration or context of
system under attack and thus require actual technical ability and
insight to traverse the vuln vectors. (or exploit chain, or attack
tree, or whatever you want to call it.)

cover the 95% and you won't be an HBGary, Sony, LulzSec target.

however, don't interpret this as evidence you can't get hacked six
ways to sunday by someone with the skillz.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: