| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4b6ee9310811080645r54dbb30dx17706bebb1b7e2d7@mail.gmail.com> Date: Sat, 8 Nov 2008 14:45:31 +0000 From: n3td3v <xploitable@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Two bulletins from Microsoft on Patch Tuesday There is no evidence of 0day in the wild for the upcoming patches and Microsoft have released no information to suggest so. On Fri, Nov 7, 2008 at 4:18 PM, <Valdis.Kletnieks@...edu> wrote: > 2) There's a very high chance that at least some percent of the black-hat > community is sitting on a 0-day exploit for these, that they've been using > for directed attacks under the radar (and in fact, a good chance that the > bulletin was issued because somebody's attack *didn't* go under the radar, > and that's how the white hats got a copy of the exploit). This bulletin > is a heads-up to those black hats that their 0-day is going to be dropping > in value a lot starting Tuesday - so it's "smoke em if you got em" time. > > For bonus points - compute what percent of advisories released next week > that *claim* to be reverse-engineering of the binary diff are actually > drops of 0-days that just became useless... ;) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists