[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0H2E00GT1F292P@smtp1.clear.net.nz>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: RE: remote kernel exploits?
> Personally I could really care less about "0-day exploits". There are a
> thousand ways to penetrate a machine that are more effective then
> relying on finding that one obscure piece of code. Why doesn't anyone
> ever discuss interception, people seem to bent on the latest
> vulnerability. Then again what do I know. Maybe it IS all about
> "0-day".
Technologists, not surprisingly, tend to focus on problems that can
be fixed by tweaking the technology. Social engineering and many of
the useful/successful interception methods of "attack" are not
particularly solvable by technologists (the ethics of human NDA
research tend to "get in the way" here... 8-) ).
As the people on this list are in some sense mainly technologists,
the bias you point out in the concerns discussed here is quite
understandable. You are, of course, right that there are many
low-tech/no-tech attack methodologies but the people on lists such as
this are not the people who will "fix" them, so they're not likely to
get as much air-time here.
Regards,
Nick FitzGerald
Powered by blists - more mailing lists