[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: W2K source "leaked"?

To: Drew Copley <dcopley@eeye.com>
Subject: [Full-Disclosure] Re: W2K source "leaked"?
From: Gadi Evron <ge@egotistical.reprehensible.net>
Date: Fri, 13 Feb 2004 19:51:18 +0200

As for your comments on zero day, I have some strong opinions on that:
First, I recall two massive zero day exploits being used last year. One
in IE being used by spammers and one in IIS.

Two out of how many?

We should expect this trend to advance exponentially, I would think, just considering the amount of people coming online, the natural progression of security, the infiltration time required for the market to meet the demand and such other natural factors.

That's the future, not the present. :)

Read: organized crime, corrupt governments and corporations and such... have yet to really understand the unorthodox ways of bugfinding or the power of the field. But that they will... That is simply a force of nature. It is inevitable.

Why would organized crime (etc.) chose to make such exploits in their arsenal public?

We should prepare for this now.

But, like most events similar to this in history, we won't. Or, we won't
do a very good job of it. Maybe others are more optimistic.

Of course we will, after-the-fact. :)

Gadi Evron.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] RE: W2K source "leaked"?
  - From: "Drew Copley" <dcopley@eeye.com>

Prev by Date: [Full-Disclosure] RE: W2K source "leaked"?
Next by Date: [Full-Disclosure] Re: W2K source "leaked"?
Previous by thread: [Full-Disclosure] RE: W2K source "leaked"?
Next by thread: [Full-Disclosure] RE: W2K source "leaked"?
Index(es):
- Date
- Thread