I seem to recall VRT putting out a blog post of the reasoning for their signature creation methods. Write to block the vulnerability vs exploit? I cant seem to find it.
This is brought on by ISS selling their "non signature" based model, which enables them to have a signature that blocks the adobe 0day since 2008, whereas Snort just recently created a sig for it. 17233 <-> SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt __________________________________ Albert R. Campa On Mon, Sep 13, 2010 at 1:58 PM, Juan Cortes <[email protected]>wrote: > We are currently evaluating both sourcefire n tippingpoint. Love snort so > we r biased but we r testing both. We currently have shitty-iss. > > On Sep 13, 2010 12:36 PM, "Carlos Perez" <[email protected]> > wrote: > > I'm biased to Tippingpoint and SourceFire, hate McFee models > > Sent from my iPhone > > > On Sep 13, 2010, at 12:30 PM, Craig Freyman <[email protected]> > wrote: > > > Budget time, need to... > > > _______________________________________________ > > Pauldotcom mailing list > > [email protected]... > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
