[<prev] [next>] [day] [month] [year] [list]
Message-ID: <81637804AB36A644BBDE3ED9DD4E73FD9C495B@hermes.eCompany.gov>
Date: Fri, 13 Feb 2004 10:53:44 -0800
From: "Drew Copley" <dcopley@...e.com>
To: "Joe Quigley" <joe.quigley@...um.com>, <bugtraq@...urityfocus.com>
Cc: <full-disclosure@...ts.netsys.com>
Subject: RE: W2K source "leaked"?
> -----Original Message-----
> From: Joe Quigley [mailto:joe.quigley@...um.com]
> Sent: Friday, February 13, 2004 9:00 AM
> To: Drew Copley; Gadi Evron; bugtraq@...urityfocus.com
> Cc: full-disclosure@...ts.netsys.com
> Subject: RE: W2K source "leaked"?
>
> Drew Copley once said:
>
> > We should prepare for this now.
>
>
> Anyone care to comment how we can prepare for this?? Except for moving
> from the Windows platform, I don't see how we can. Please do not take
> this as knock against Drew and his opinion. It most certainly isn't. I
> really would like to hear others thoughts on this.
>
> Thanks in advance.
What is knocking my opinion? I just said there is a problem. There are a
lot of potential solutions. And, it isn't a Windows only problem.
Some solutions are class based anomaly detection, kernel level hooking
(systrace), hardware and software protection against exploit code like
dll rebasing or secure compilers, etc, etc.
A lot of companies have already been protecting their clients against
new vulnerabilities. This isn't a new issue at all. But, I don't think a
lot of people really think about it as they should.
>
>
>
>
> > -----Original Message-----
> > From: Gadi Evron [mailto:ge@...tistical.reprehensible.net]
> > Sent: Thursday, February 12, 2004 1:49 PM
> > To: bugtraq@...urityfocus.com
> > Cc: full-disclosure@...ts.netsys.com; Thor Larholm
> > Subject: W2K source "leaked"?
> >
> > A couple of days ago a friend of mine drew my attention to
> the source
> > making rounds on the encrypted p2p networks, I was hoping it
> > would take
> > a bit longer for it to be "out", but that was just day-dreaming.
> >
> > Thor Larholm just gave me this URL, as you can notice, the
> > server is busy:
> > http://www.neowin.net/comments.php?id=17509
> >
> > I never believed in 0-days. "New" or more to the point
> > un-known-to-the-public exploits and vulnerabilities exist and
> > are being
> > used.
> > In my opinion "0-days" virtually don't exist. It's usually
> either some
> > vulnerability that is long known and a COP or a worm is created. Or
> > exploits that will nearly never see the "public" but exist
> > and are used
> > by few individuals.. but now... I don't know.
> >
> > How often does a brand new exploit come out without prior
> warning and
> > "attack" the net?
> >
> > *If* this really is the.. _real_ source code for W2K (and
> according to
> > the article NT4 as well).... we'll see what happens next.
> >
> > People didn't need help finding vulnerabilities in Windows
> before, but
> > it just became a whole lot easier and a lot less demanding
> on the "m4d
> > #4x0r 5k111z".
>
> This assumption reveals a lot about the merits of open source, doesn't
> it.
>
> Why should any of this be surprising to anyone? Haven't we
> all seen how
> screeners make it onto the net, even screeners sent to eighty
> something
> old Oscar judges? So, of course someone leaked this. It would have
> happened sooner or later.
>
> As for your comments on zero day, I have some strong opinions on that:
>
> First, I recall two massive zero day exploits being used last
> year. One
> in IE being used by spammers and one in IIS.
>
> We should expect this trend to advance exponentially, I would think,
> just considering the amount of people coming online, the natural
> progression of security, the infiltration time required for the market
> to meet the demand and such other natural factors.
>
> Read: organized crime, corrupt governments and corporations
> and such...
> have yet to really understand the unorthodox ways of bugfinding or the
> power of the field. But that they will... That is simply a force of
> nature. It is inevitable.
>
> We should prepare for this now.
>
> But, like most events similar to this in history, we won't.
> Or, we won't
> do a very good job of it. Maybe others are more optimistic.
>
>
> >
> > I can't really say that the article is right and the source
> > was "leaked"
> > or "stolen". The source is being sold/given (?) for years
> now to EDU's
> > and commercial companies for research purposes (not to
> > mention China..).
> > I suppose foul play is always possible.
> >
> > Can anyone confirm this is the real source code? How about a press
> > release? :)
> >
> > Gadi Evron
> >
> >
> >
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists