| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050630175402.762AC3A742B@mail31-red.bigfish.com> Date: Thu, 30 Jun 2005 13:50:32 -0400 From: "James C Slora Jr" <Jim.Slora@...a.com> To: "'Aviram Jenik'" <aviram@...ondsecurity.com> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: RE: Publishing exploit code - what is it good for I have used public exploits for: 1. Verifying that the manufacturer's recommendations have been followed and that they work. This was invaluable in the first few rounds of Microsoft RPC patches a couple of years ago - some patches appeared to have installed correctly but the machines were still vulnerable. They would not have been patched successfully without exploit testing. Yes, the public exploit code helped lead to widespread malware outbreaks, but those first few bugs were so blatant that black hats could exploit them easily anyway and the outbreaks still would have happened. Witness the continuing success of those vectors. The public exploits at least let us test to see if we were prepared. 2. Developing methods to detect the exploits. 3. Understanding the exploitation process better. This way I can make the hard sell on taking systems off line for patching with the appropriate urgency. 4. Blocking appropriate attack vectors (and thinking of other potential vectors), and making sure the attacks don't get through. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists