Message-ID: <405F770B.4020701@immunitysec.com>
From: dave at immunitysec.com (Dave Aitel)
Subject: When do exploits get used?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jay Beale wrote:
| Luke Scharf wrote:
|
|> On Mon, 2004-03-22 at 14:46, Paul Schmehl wrote:
|>
|>> To think otherwise is foolish, as I said. If one isn't
|>> paranoid, one probably doesn't belong in the security field.
|>> If you're sitting back thinking you're safe because you're
|>> patched and you patch quickly, then you're unalert and exposed.
|>
|> Patching, passwords, and basic permissions *are*, however, the
|> 10% of the work that gets 90% of the benefit. All the stuff that
|> we get excited about here is just icing on the cake.
|
| I think you're going to quickly change your mind as soon as the
| first 0-day worm comes out. All the patching in the world doesn't
| save us if the attackers ever get a widely-used exploit against a
| non-public vulnerability. At that point, internal firewalling and
| system hardening, to say the least, take center stage. (Of course,
| you could add to these, or potentially replace these with, some
| particular host-based intrusion prevention/kernel modification
| solutions, but I'll leave that one alone for now.)
|
| The day of the 0-day worm is coming, or at least the
| close-enough-to-0-day worm, that organizations that do patch often
| will still get badly compromised. This basically comes down to a
| question of windows of vulnerability. Your window of vulnerability
| to a given exploit comes down to the sum of three time windows:

Why the focus on worms again? Worms are what happen when good exploits
are wasted. No one who has an exploit wants a worm to come out. This is
why a real 0-day worm is probably not coming out any time soon, imo.

| Patching isn't really 90%. It seems like that because
| organizations still aren't keeping up with patches and thus don't
| know what would have happened if they had. It seems like that
| because we're not getting caught in the first two parts of our
| windows of vulnerability that often just yet. If a worm comes out
| in time window 1 or 2, your 1-hour patch turnaround won't save you.
|

It always boggles me that people will patch production systems for
remote SYSTEM vulnerabilities.

- -dave

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAX3cKzOrqAtg8JS8RAsAEAKC/mo8O2+pOvqrRy2oSdPqmMVmjoACglrMM
g1N5vh1Pi+Gm3ItLYEM0xAU=
=rI8X
-----END PGP SIGNATURE-----