Date: Sat Jun 24 17:40:19 2006
From: se_cur_ity at hotmail.com (Morning Wood)
Subject: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities

>> >> What I am worried about for the moment is milw0rm. That site releases an
>> >> average of 6 or 7 zero day exploits a day. It has increased the workload I
>> >> have letting our IT folks know about new threats. A lot of these
>> >> vulnerabilities are web/php based but pwn3d is pwn3d.

if you had a clue you would realize that the majority ( my guess is 98% ) of the exploits on milw0rm are not "0day", but are in fact released after vendor patches are available. ( maybe str0ke could help with his guess on the percentage )

for those that are released without vendor patches, they are generally due to the fact that the vendor is:

1. not contactable
2. non responsive to the researcher
3. ignorant

in cases 2 and 3 ( common ) the researcher releases them to HELP bring the awareness to the vendor and users that "foobar" software is buggy and needs to be either fixed by the vendor or removed by users and replaced by a better solution.

I suppose you would rather these float around only in the underground and then you would have NO clue as to how you got "pwn3d". possibly you should have gotten into the offensive security side of things so you don't have to worry instead of going for the classic defensive security position you obviously dread.

clue up!
MW