lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: pauls at utdallas.edu (Paul Schmehl)
Subject: When do exploits get used?

--On Monday, March 22, 2004 05:04:43 PM +0000 Ben Laurie 
<ben@...roup.co.uk> wrote:

Note: I changed the subject to more accurately reflect the discussion.
>>
>> This is foolish thinking.  Do you really think that, when a patch comes
>> out, *then* the hackers start working on exploits?  The exploits were
>> being used *long* before the patch comes out.  The only thing a patch
>> gets you is protection against *future* hack attempts against *that*
>> weakness.
>
> This is demonstrably not true - it depends who finds the problem.
>
So, it's not true, except it depends?  Then it is true.

Not *every* exploit comes out after a patch is released, but it's a fact 
that *some* exploits are in use long before a "researcher" reports them to 
a vendor and/or a patch comes out.

To think otherwise is foolish, as I said.  If one isn't paranoid, one 
probably doesn't belong in the security field.  If you're sitting back 
thinking you're safe because you're patched and you patch quickly, then 
you're unalert and exposed.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ