| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Jun 30 19:58:39 2005 From: Jim.Slora at phra.com (James C Slora Jr) Subject: RE: Publishing exploit code - what is it good for I have used public exploits for: 1. Verifying that the manufacturer's recommendations have been followed and that they work. This was invaluable in the first few rounds of Microsoft RPC patches a couple of years ago - some patches appeared to have installed correctly but the machines were still vulnerable. They would not have been patched successfully without exploit testing. Yes, the public exploit code helped lead to widespread malware outbreaks, but those first few bugs were so blatant that black hats could exploit them easily anyway and the outbreaks still would have happened. Witness the continuing success of those vectors. The public exploits at least let us test to see if we were prepared. 2. Developing methods to detect the exploits. 3. Understanding the exploitation process better. This way I can make the hard sell on taking systems off line for patching with the appropriate urgency. 4. Blocking appropriate attack vectors (and thinking of other potential vectors), and making sure the attacks don't get through.
Powered by blists - more mailing lists