If you were building a scanner today that probed the whole "interesting" Internet, you may or may not find that there are any good remotely exploitable vulnerabilities. Now, of course you will find lots of PHP bugs, SQL Injections, and other web-related things. Apparently you can own senate.gov with such things, or PBS.org, or Sony.
But if you're old like the hills, you may remember a day when you could overflow things like Apache and IIS, and RPC services were accessible, and FTP servers in common use had 0day in them. And of course, there were weirder bugs - web proxy bugs, firewall bugs, MTA bugs, SQL Server bugs, etc. But take today's Microsoft Tuesday patches <http://www.microsoft.com/technet/security/bulletin/ms11-jun.mspx>, or even the last 20 month's of Microsoft Tuesday patches, and find me *one* good remote. *Nothing*, right? MS08_067 is the last worthy thing in your toolbox? From three years ago? And you find yourself asking: /Now how can that possibly be the case?/ -dave
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
