| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200605131601.k4DG156I009906@turing-police.cc.vt.edu> Date: Sat May 13 17:01:26 2006 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: How secure is software X? On Sat, 13 May 2006 15:35:22 +0200, Roman Medina-Heigl Hernandez said: > even accessed if the network were propperly segmented/firewalled. Or my > IDS noticed the 0day exploitation (not very sure of this }:-)). An IDS can almost never spot a 0day for the same reason almost all A/V solutions can't spot new viruses - if it's not in the templates, it's not malware it recognizes. If you're lucky, the attack packet is produced by something like Metasploit, and your IDS trips on the payload rather than the exploit part of the package. On the other hand, I'll guesstimate that most of thet time it doesn't matter in any real sense, since probably 90% of the sites that install a firewall or IDS then use that as an Alfred E Newman "Me worry?" excuse and don't patch their systems (leading to Marcus Ranum's "Hard crunchy outside, soft chewy inside" description of security). And then of course, the McSE (you want fries with that?) that "managed" the firewall/IDS moves on, so it's not getting updated either..... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060513/3e93ade3/attachment.bin
Powered by blists - more mailing lists