Open Source and information security mailing list archives
 
Date: Fri, 13 Feb 2004 19:51:18 +0200
From: Gadi Evron <ge@...tistical.reprehensible.net>
To: Drew Copley <dcopley@...e.com>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Re: W2K source "leaked"?


> As for your comments on zero day, I have some strong opinions on that:
> 
> First, I recall two massive zero day exploits being used last year. One
> in IE being used by spammers and one in IIS.

Two out of how many?

> 
> We should expect this trend to advance exponentially, I would think,
> just considering the amount of people coming online, the natural
> progression of security, the infiltration time required for the market
> to meet the demand and such other natural factors. 

That's the future, not the present. :)

> 
> Read: organized crime, corrupt governments and corporations and such...
> have yet to really understand the unorthodox ways of bugfinding or the
> power of the field. But that they will... That is simply a force of
> nature. It is inevitable. 
> 

Why would organized crime (etc.) choose to make such exploits in their 
arsenal public?

> We should prepare for this now.
> 
> But, like most events similar to this in history, we won't. Or, we won't
> do a very good job of it. Maybe others are more optimistic.
> 

Of course we will, after-the-fact. :)

	Gadi Evron.


