Message-ID: <CAH8yC8=OpQQ465khaENdTZa1wY_gP0Vqg4gynQBSdTnP-bG_TA@mail.gmail.com>
Date: Thu, 18 Oct 2012 16:47:47 -0400
From: Jeffrey Walton <noloader@...il.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Before We Knew It

Before We Knew It,
http://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf

ABSTRACT

Little is known about the duration and prevalence of zero-day attacks,
which exploit vulnerabilities that have not been disclosed publicly.
Knowledge of new vulnerabilities gives cyber criminals a free pass to
attack any target of their choosing, while remaining undetected.
Unfortunately, these serious threats are difficult to analyze,
because, in general, data is not available until after an attack is
discovered. Moreover, zero-day attacks are rare events that are
unlikely to be observed in honeypots or in lab experiments.

In this paper, we describe a method for automatically identifying
zero-day attacks from field-gathered data that records when benign and
malicious binaries are downloaded on 11 million real hosts around the
world. Searching this data set for malicious files that exploit known
vulnerabilities indicates which files appeared on the Internet
before the corresponding vulnerabilities were disclosed. We identify
18 vulnerabilities exploited before disclosure, of which 11 were not
previously known to have been employed in zero-day attacks. We also
find that a typical zero-day attack lasts 312 days on average and
that, after vulnerabilities are disclosed publicly, the volume of
attacks exploiting them increases by up to 5 orders of magnitude.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
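The search the abstract describes, reduced to its core join, as an added illustration that is not code or data from the paper or from the post above: take per-host records of when each binary was first observed, map malicious hashes to the vulnerability they exploit, and flag every vulnerability whose exploit shows up in the field before its public disclosure date. The attack "duration" is then the gap between that first observation and disclosure, and the volume change is the count of exploit downloads after disclosure relative to before. All download records, file hashes, the vulnerability labels VULN-A/VULN-B/VULN-C and the disclosure dates are constructed placeholders; nothing here reproduces the paper's dataset or its 18 findings.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Download:
    sha256: str   # hash of the downloaded binary (placeholder strings here)
    host_id: str  # anonymised identifier of the downloading host
    seen: date    # date the download was observed on that host


# Constructed telemetry standing in for the field-gathered download records.
DOWNLOADS: List[Download] = [
    Download("a1", "h01", date(2011, 6, 1)),
    Download("a1", "h02", date(2011, 9, 15)),
    Download("a2", "h03", date(2012, 3, 5)),
    Download("a2", "h04", date(2012, 3, 6)),
    Download("a2", "h05", date(2012, 3, 9)),
    Download("a1", "h06", date(2012, 4, 1)),
    Download("a2", "h07", date(2012, 4, 2)),
    Download("a2", "h08", date(2012, 5, 20)),
    Download("b1", "h01", date(2011, 2, 20)),
    Download("c1", "h09", date(2011, 12, 1)),
    Download("c1", "h10", date(2012, 2, 1)),
    Download("x1", "h02", date(2011, 5, 5)),  # benign file: no exploit mapping
]

# Constructed mapping from malicious file hash to the vulnerability it exploits
# (the paper derives this from AV detections tied to vulnerability identifiers).
EXPLOIT_FOR: Dict[str, str] = {
    "a1": "VULN-A", "a2": "VULN-A", "b1": "VULN-B", "c1": "VULN-C",
}

# Constructed public disclosure dates for the same placeholder vulnerabilities.
DISCLOSED: Dict[str, date] = {
    "VULN-A": date(2012, 3, 1),
    "VULN-B": date(2011, 1, 15),
    "VULN-C": date(2012, 1, 1),
}


def first_seen(downloads: Iterable[Download],
               exploit_for: Dict[str, str]) -> Dict[str, date]:
    """Earliest observation, across all hosts, of any file exploiting each vuln."""
    earliest: Dict[str, date] = {}
    for d in downloads:
        vuln = exploit_for.get(d.sha256)
        if vuln is None:
            continue  # benign or unmapped binary; not evidence of an exploit
        if vuln not in earliest or d.seen < earliest[vuln]:
            earliest[vuln] = d.seen
    return earliest


def zero_day_attacks(downloads: Iterable[Download],
                     exploit_for: Dict[str, str],
                     disclosed: Dict[str, date]) -> Dict[str, Tuple[date, int]]:
    """Vulnerabilities whose exploit was seen before disclosure, with the attack
    duration in days (first field observation up to the disclosure date)."""
    result: Dict[str, Tuple[date, int]] = {}
    for vuln, seen in first_seen(downloads, exploit_for).items():
        disc = disclosed.get(vuln)
        if disc is not None and seen < disc:
            result[vuln] = (seen, (disc - seen).days)
    return result


def mean_duration(zero_days: Dict[str, Tuple[date, int]]) -> float:
    """Average zero-day attack duration over the identified vulnerabilities."""
    if not zero_days:
        return 0.0
    return sum(days for _, days in zero_days.values()) / len(zero_days)


def volume_change(downloads: Iterable[Download], exploit_for: Dict[str, str],
                  disclosed: Dict[str, date], vuln: str) -> Tuple[int, int, float]:
    """Exploit downloads for `vuln` before and after disclosure, plus the ratio."""
    disc = disclosed[vuln]
    hits = [d for d in downloads if exploit_for.get(d.sha256) == vuln]
    before = sum(1 for d in hits if d.seen < disc)
    after = sum(1 for d in hits if d.seen >= disc)
    ratio = after / before if before else float("inf")
    return before, after, ratio


if __name__ == "__main__":
    found = zero_day_attacks(DOWNLOADS, EXPLOIT_FOR, DISCLOSED)
    for v, (seen, days) in sorted(found.items()):
        print(f"{v}: first seen {seen}, {days} days before disclosure,"
              f" volume before/after = {volume_change(DOWNLOADS, EXPLOIT_FOR, DISCLOSED, v)[:2]}")
    print(f"mean duration: {mean_duration(found):.1f} days")
```

On the constructed data VULN-B is correctly rejected because its exploit is first seen after disclosure, while VULN-A and VULN-C are flagged. Two caveats a practitioner should keep in mind when applying this to real telemetry: the first observation in a dataset is only a lower bound on when the exploit existed (the dataset has a start date and incomplete coverage), so the computed durations understate the true window; and the mapping from file hash to vulnerability is only as good as the signatures behind it, so a miss-attributed sample produces a false zero-day.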
