> -----Original Message-----
> From: Joe Quigley [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 13, 2004 9:00 AM
> To: Drew Copley; Gadi Evron; [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: W2K source "leaked"?
>
> Drew Copley once said:
>
> > We should prepare for this now.
>
> Anyone care to comment how we can prepare for this?? Except for moving
> from the Windows platform, I don't see how we can. Please do not take
> this as a knock against Drew and his opinion. It most certainly isn't. I
> really would like to hear others' thoughts on this.
>
> Thanks in advance.

What is knocking my opinion? I just said there is a problem.

There are a lot of potential solutions. And, it isn't a Windows only problem. Some solutions are class based anomaly detection, kernel level hooking (systrace), hardware and software protection against exploit code like dll rebasing or secure compilers, etc, etc.

A lot of companies have already been protecting their clients against new vulnerabilities. This isn't a new issue at all. But, I don't think a lot of people really think about it as they should.

> >
> > -----Original Message-----
> > From: Gadi Evron [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, February 12, 2004 1:49 PM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]; Thor Larholm
> > Subject: W2K source "leaked"?
> >
> > A couple of days ago a friend of mine drew my attention to the source
> > making rounds on the encrypted p2p networks, I was hoping it would take
> > a bit longer for it to be "out", but that was just day-dreaming.
> >
> > Thor Larholm just gave me this URL, as you can notice, the server is busy:
> > http://www.neowin.net/comments.php?id=17509
> >
> > I never believed in 0-days. "New" or more to the point
> > un-known-to-the-public exploits and vulnerabilities exist and are being
> > used.
> > In my opinion "0-days" virtually don't exist. It's usually either some
> > vulnerability that is long known and a COP or a worm is created. Or
> > exploits that will nearly never see the "public" but exist and are used
> > by few individuals.. but now... I don't know.
> >
> > How often does a brand new exploit come out without prior warning and
> > "attack" the net?
> >
> > *If* this really is the.. _real_ source code for W2K (and according to
> > the article NT4 as well).... we'll see what happens next.
> >
> > People didn't need help finding vulnerabilities in Windows before, but
> > it just became a whole lot easier and a lot less demanding on the "m4d
> > #4x0r 5k111z".
>
> This assumption reveals a lot about the merits of open source, doesn't
> it.
>
> Why should any of this be surprising to anyone? Haven't we all seen how
> screeners make it onto the net, even screeners sent to eighty something
> old Oscar judges? So, of course someone leaked this. It would have
> happened sooner or later.
>
> As for your comments on zero day, I have some strong opinions on that:
>
> First, I recall two massive zero day exploits being used last year. One
> in IE being used by spammers and one in IIS.
>
> We should expect this trend to advance exponentially, I would think,
> just considering the amount of people coming online, the natural
> progression of security, the infiltration time required for the market
> to meet the demand and such other natural factors.
>
> Read: organized crime, corrupt governments and corporations and such...
> have yet to really understand the unorthodox ways of bugfinding or the
> power of the field. But that they will... That is simply a force of
> nature. It is inevitable.
>
> We should prepare for this now.
>
> But, like most events similar to this in history, we won't. Or, we won't
> do a very good job of it. Maybe others are more optimistic.
>
> >
> > I can't really say that the article is right and the source was "leaked"
> > or "stolen". The source is being sold/given (?) for years now to EDU's
> > and commercial companies for research purposes (not to mention China..).
> > I suppose foul play is always possible.
> >
> > Can anyone confirm this is the real source code? How about a press
> > release? :)
> >
> > Gadi Evron
> >

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
