lists.openwall.net - Open Source and information security mailing list archives
Date: Tue, 1 Nov 2011 11:56:43 -0400
From: Peter Dawson <slash.pd@...il.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Facebook Attach EXE Vulnerability

Yes, to a certain degree it's all about "saving face". .. however FB's
30-member integrity team is only bothered about how to manage the vectors
that have been primed to protect.

FB is the largest network "protected" .. (YES, big word, Protected !! / they
have over 25B checks per day and reach up to 65K/sec at peak. Building
an immune system as large as FB's takes time, but it's only on known
vectors. The unknown is never realized unless one is willing to collaborate
and confirm with the user/community. Large orgs have the syndrome of living
in the "ivory tower" and that is the biggest downfall.

What could have happened if a zero day was filed and alternative markets
were sought with this bug? Yes, alternative markets pay better !.. but
just saying. .what were the damage ratios to users?


/pd

On Tue, Nov 1, 2011 at 9:03 AM, Mikhail A. Utin
<mutin@...monwealthcare.org>wrote:

> Facebook is trying to save its face. It's typical.
> I got the same answer from SonicWALL one year ago when I discovered that
> simple internal network scanning (Nessus, Nmap, etc.) brings down the entire
> network. The firewall's internal TCP connection stack was overloaded within
> a few seconds (IPS is not enabled, thus it was not accepting new connections).
>
> Mikhail A. Utin, CISSP
> Information Security Analyst
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/