teh bad guys know more than u. nd most of the people who read this list. On Fri, Dec 19, 2008 at 3:23 PM, n3td3v <[email protected]> wrote: > On Fri, Dec 19, 2008 at 3:36 PM, Bipin Gautam <[email protected]> wrote: >> stop putting so much of attention to 0-day and possible use of it by >> government to get into a terrorist pc. >> >> if breaking into someones pc was a matter of national security >> importance 0-day may provide a easy leverage but you really dont need >> a 0-day to get into someones pc, neither you'd need a already >> existing/known backdoor, neither you'd need to bruteforce into the >> advisory or a physical access to it. >> >> all they need to do is poison a unsigned executable/plugin/update with >> a backdoor instead, that is being downloaded to the advisory computer >> over an unencrypted connection if you can control the network gateway >> or have isp level access. such attacks "could" work regardless of the >> OS or patch level. >> > > You're giving the bad guys clues on what to avoid or will the bad guys > be aware of all the possible attack vectors the government might be > using already? > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
