| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <402D0E96.2050807@egotistical.reprehensible.net> Date: Fri, 13 Feb 2004 19:51:18 +0200 From: Gadi Evron <ge@...tistical.reprehensible.net> To: Drew Copley <dcopley@...e.com> Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: Re: W2K source "leaked"? > As for your comments on zero day, I have some strong opinions on that: > > First, I recall two massive zero day exploits being used last year. One > in IE being used by spammers and one in IIS. Two out of how many? > > We should expect this trend to advance exponentially, I would think, > just considering the amount of people coming online, the natural > progression of security, the infiltration time required for the market > to meet the demand and such other natural factors. That's the future, not the present. :) > > Read: organized crime, corrupt governments and corporations and such... > have yet to really understand the unorthodox ways of bugfinding or the > power of the field. But that they will... That is simply a force of > nature. It is inevitable. > Why would organized crime (etc.) chose to make such exploits in their arsenal public? > We should prepare for this now. > > But, like most events similar to this in history, we won't. Or, we won't > do a very good job of it. Maybe others are more optimistic. > Of course we will, after-the-fact. :) Gadi Evron. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists