lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <015f01c6e320$1a823f80$0100000a@avivcomp>
Date: Thu, 28 Sep 2006 19:04:00 +0200
From: "avivra" <avivra@...il.com>
To: "'Pukhraj Singh'" <pukhraj.singh@...il.com>
Cc: EArsal@...hdata.de, full-disclosure@...ts.grok.org.uk,
	bugtraq@...urityfocus.com
Subject: Re: VML Exploit vs. AV/IPS/IDS signatures


With any luck, not too much. The point is that there is a way to do it, and
if there is a way, someone will use it in a bad manner eventually.
We can only hope that the users will count more on vulnerability/behavior
based security solutions, and not exploit based security solutions.

-- Aviv.

-----Original Message-----
From: Pukhraj Singh [mailto:pukhraj.singh@...il.com] 
Sent: Thursday, September 28, 2006 7:37 AM
To: avivra
Cc: karmic_nirvana@...oo.com; EArsal@...hdata.de;
full-disclosure@...ts.grok.org.uk; bugtraq@...urityfocus.com
Subject: Re: [Full-disclosure] VML Exploit vs. AV/IPS/IDS signatures

And you tell me how many of these variants you will actually find in
the wild. Won't be a significant number I bet.

Cheers!
Pukhraj

On 9/27/06, avivra <avivra@...il.com> wrote:
> Hi,
>
> > i.e. I can't afford to buy "specialized" security tools/devices for
> > "speclialized" attacks unless my company relies heavily on web/content
> > services.
>
> So, you will buy "specialized" security tools like firewall or
> Anti-Virus, but not web content filtering tool?
>
> > In our company, we established a information-sharing
> > network with other security companies. So the real-time exploit-facing
> > signatures were then subjected to live traffic, honeypots and countless
> > variants; They seemed to work out pretty well.
>
> I would like to see how your real-time signatures get updated with the
> randomization implemented in the new VML metasploit module. Your
> "countless" exploit variants will become really innumerable.
>
> The problem is that the signatures are written for the exploit, and
> not for the vulnerability.
>
> -- Aviv.
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ