Security Incidents mailing list archives

Re: how often do 0-days REALLY happen?

From: Greg Francis <francis () gonzaga edu>
Date: Tue, 08 Jan 2002 16:41:07 -0800


I learned the hard way that exploits can occur very rapidly once the exploit
is announced. I was administering a Unix server and a particular IMAP
exploit was announced. Being relatively new to server admin, I didn't do
anything about it for a couple of days. Within the first week, the server
had been exploited. I happen to be logged on when the exploit occurred so I
was able to respond quickly and get it offline.

I've since learned to install patches with high vulnerability quickly. I'm
still reluctant to install certain Microsoft patches because they sometimes
break things but it's either face that risk or a potential attack.

Greg


on 1/8/02 3:53 PM, leon at leon () inyc com wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everyone,

I have been reading this list for a couple of years now and I just
got done reading hacker's challenge.  Great book (hi to everyone who
contributed and reads this list, I know David D is one of them).  The
book is quite unique in how it goes about presenting itself.
Basically it is 20 challenges (here is what happened, here are the
logs, and here are some questions).  At the end of the book are the
solutions (how a security professional figured out xy and most
importantly z).  The reason I wrote the subject heading as I did is
because throughout the book they show case after case of remote
exploit all for vulns that are months old.  On this list and the sec
basics I constantly (relative I know) hear people talking about being
compromised by vulns that patches have been available for, for
months.  So I ask upon you incidents list (ye who have SO MUCH more
experience then I) do systems being compromised by zero day exploits
really happen (I am sure they happen but I am really curious as to
the frequency and how a professional goes about dealing with a never
seen before exploit.)  Just figured I would throw that out there and
see how everyone responds because I was thinking about it on the walk
home (hey, shoot me, it is cold in nyc, gotta do something to keep
from freezing). 

Cheers & TIA,

Leon



-- 
Greg Francis
Sr. System Administrator
Gonzaga University
francis () gonzaga edu
509-323-6896


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

how often do 0-days REALLY happen? leon (Jan 08)
- Re: how often do 0-days REALLY happen? Greg Francis (Jan 08)
- Re: how often do 0-days REALLY happen? Ryan Russell (Jan 08)
- Re: how often do 0-days REALLY happen? Michal Zalewski (Jan 08)
- Re: how often do 0-days REALLY happen? Gamble (Jan 08)
- RE: how often do 0-days REALLY happen? Ofir Arkin (Jan 09)
- <Possible follow-ups>
- RE: how often do 0-days REALLY happen? leon (Jan 08)
- Re: how often do 0-days REALLY happen? Randy Taylor (Jan 09)