There is a Gartner analyst arguing the point on my blog post. Anyone who
can, go chirp in?

http://blogs.securiteam.com/index.php/archives/712

On Thu, 2 Nov 2006, Craig Schmugar wrote:

> [Gadi] You know how insecure you are, and what you need to protect yourself.
> What programs to use, what not to use. What IDS signatures you may need, and
> what vendor you need to pressure.
> 
> [Craig] My point is that the majority of the Internet will not know (and
> subsequently not protect themselves, and not pressure the vendor -- most
> aren't equipped to do so anyway).
> 
> [Gadi] Many of these have exploit code in the hands of bad people, so YES,
> we will see worms using this as a direct result, but we will also no longer
> see many directed attacks using them.
> 
> [Craig]
> Have to disagree there.  WMF, createTxtRange, MS06-040 etc were abused much
> more after exploit code was readily available and Blaster and Sasser may
> never have existed if exploit wasn't so public.
> 
> I am not saying that hackers don't exploit unpublished vuln, of course they
> do, but the number of victims and amount of damage jumps exponentially once
> that exploit is readily available.  And I can't endorse irresponsible
> disclosure.  One of the arguments for irresponsible disclosure is that
> certain vendors won't release a patch or will take too long to release a
> patch without it.  However, when you have 0-day threats like CVE-2005-0944
> that have remained unpatched for more than 18 months (Ok, maybe this isn't
> your average 0-day response), you have to wonder how strong that argument is
> anymore [and I use this example as it's still an actively exploited remote
> code execution vulnerability]. 
> 
> Craig
> 
> 
> -----Original Message-----
> From: Gadi Evron [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, November 02, 2006 12:13 AM
> To: Craig Schmugar
> Cc: 'Fergie'; [email protected]
> Subject: RE: [funsec] Month of Kernel Bugs - day 1
> 
> On Wed, 1 Nov 2006, Craig Schmugar wrote:
> > > As an educated consumer: yes.
> > 
> > Then I'll add the word "all" to my statement [I might question the 
> > phrase "these days" in Gadi's statement "you are all more secure these 
> > days"]
> > 
> > all <> "educated consumer"
> 
> Erm, all more secure these days, as a statement, links back to my previous
> words in that paragraph/text.
> 
> Why do you disagree, let's open it for discussion.
> > 
> > Craig
> > 
> > -----Original Message-----
> > From: Fergie [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, November 01, 2006 8:02 PM
> > To: [EMAIL PROTECTED]
> > Cc: [email protected]
> > Subject: RE: [funsec] Month of Kernel Bugs - day 1
> > 
> > As an educated consumer: yes.
> > 
> > - ferg
> > 
> > 
> > 
> > -- "Craig Schmugar" <[EMAIL PROTECTED]> wrote:
> > 
> > Patch patch patch?  What patch?  Last time I checked there were 2 or 
> > maybe 3 patches available for the 25 IE-related MoBB issues (from July).
> > 
> > So, I might question the phrase "these days" in Gadi's statement "you 
> > are all more secure these days"
> > 
> > Craig
> > 
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> > On Behalf Of [EMAIL PROTECTED]
> > Sent: Wednesday, November 01, 2006 10:02 AM
> > To: Gadi Evron
> > Cc: FunSec [List]
> > Subject: Re: [funsec] Month of Kernel Bugs - day 1
> > 
> > On Wed, 01 Nov 2006 10:41:17 CST, Gadi Evron said:
> > > And don't anyone dare speak against HD Moore. He is the reason you 
> > > are all more secure these days. Not less so.
> > 
> > Amen to that - fire up Metasploit, build and launch something, and 
> > then mention that *every* hacker has a copy.  Makes even the most 
> > recalcitrant user curl up like a breaded prawn and want to go home and 
> > patch patch patch
> > ;)
> > 
> > (That, and Metasploit building blocks are an *incredible* reference if 
> > you're building *other* tools to look for either exploits or payloads. 
> > ;)
> > 
> > 
> > 
> > --
> > "Fergie", a.k.a. Paul Ferguson
> >  Engineering Architecture for the Internet  fergdawg(at)netzero.net  
> > ferg's tech blog: http://fergdawg.blogspot.com/
> > 
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
> > 
> 
