| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 11 Jun 2011 09:00:50 -0400 From: Sihan <sihanzheng@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Absolute Sownage (A concise history of recent Sony hacks) On 11/06/2011 2:29 AM, Georgi Guninski wrote: >> if you eliminate 95% of the holes, it may be >> *effectively* secure, simply because it isn't worth the attacker's time to >> fight for the other 5% > wtf? > > if someone has working exploit, the probability of breaking is 100% no matter what the constant 95% is claimed to be. > > about fighting for 5%: malware like nimbda and code red appear counterexamples - > i suppose they automatically fought for 100% and got what they could get (quite above your 5%). > I tend to think about it this way, everybody knows how to exploit the 95% of holes, only 5% know how to exploit the last 5% of holes. Generally speaking, the last 5% is harder to exploit, or they only exist under very specific instances. Or else everyone will know how to exploit them _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists