funsec mailing list archives

Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs


From: Dan Kaminsky <dan () doxpara com>
Date: Wed, 31 Mar 2010 12:19:32 -0400

On Wed, Mar 31, 2010 at 12:10 PM, <Valdis.Kletnieks () vt edu> wrote:

> On Wed, 31 Mar 2010 12:02:41 EDT, Dan Kaminsky said:
> > Yes, because if there's one thing people love to do, it's develop
> > exploits for patched vulnerabilities.
>
> Said exploits work really great against unpatched machines, of which there
> are far too many.


You know what *also* works really great against unpatched machines?
Unpatched vulnerabilities.

At the point you have the skill level to extract vulns from a binary diff,
you arguably have the skill level (and the pocket vulns) to prefer not to.

Of course this only applies to attack surfaces that have achieved predator
satiation (enough bugs that an attacker doesn't need to desperately hunt
down new ones -- aka the Cicada strategy).
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
