On Wed, Mar 31, 2010 at 12:10 PM, <[email protected]> wrote: > On Wed, 31 Mar 2010 12:02:41 EDT, Dan Kaminsky said: > > Yes, because if there's one thing people love to do, it's develop > > exploits for patched vulnerabilities. > > Said exploits work really great against unpatched machines, of which there > are far too many. >
You know what *also* works really great against unpatched machines? Unpatched vulnerabilities. At the point you have the skill level to extract vulns from a binary diff, you arguably have the skill level (and the pocket vulns) to prefer not to. Of course this only applies to attack surfaces that have achieved predator satiation (enough bugs that an attacker doesn't need to desperately hunt down new ones -- aka the Cicada strategy).
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
