Forwarded from: Pete Lindstrom <[EMAIL PROTECTED]>

That is of course the paradox here, but one would think that over time
there would be much more specific information (i.e. real evidence, not
the typical "if I told you I'd have to kill you" nudge, nudge, wink,
wink b.s.) about zero-day attacks after they happened.

AFAIK, the only zero-days that have been identified after the fact
(which by definition is the only way we can identify them) are the
WebDAV exploit earlier this year and Dave Aitel's Real Server exploit.
I would love to add to this list of zero-days that we eventually found
out about if anyone has first-hand accounts...

FYI, I define zero-day exploits as exploits that were used to actually
compromise a system ("in the wild") before the vulnerability was known
to exist by most security professionals (not published on public
security mailing lists - CERT, Bugtraq, Full Disclosure, Vendors,
etc.). Any past examples out there?

I don't agree with your last statement that very few things will pick
up something awry - the really smart security folks are working with
honeypots, IDS solutions, and other network monitoring solutions to do
just that. This is an area that requires much more attention and
intelligence - rather than beating on an application looking for new
vulnerabilities.

Pete

Pete Lindstrom, CISSP
Research Director
Spire Security, LLC
www.spiresecurity.com
(w) 610-644-9064
 

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of InfoSec News
> Sent: Monday, December 15, 2003 6:14 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [ISN] InfoSec 2003: 'Zero-day' attacks seen as 
> growing threat 
> 
> Forwarded from: "Jack Whitsitt (jofny)" <[EMAIL PROTECTED]>
> 
> > Although they have been seen as a major security threat for some
> > time, there haven't yet been any major zero-day attacks.
> 
> ...That anyone has noticed and have also been allowed to report.  
> You'd think someone would mention that due to the fact that they're
> unpatched and unknown, nothing (well, very few things)  will pick up
> that something is awry.



-
ISN is currently hosted by Attrition.org

To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn'
in the BODY of the mail.
