[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Absolute Sownage (A concise history of recent Sony hacks)
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Absolute Sownage (A concise history of recent Sony hacks)
- From: Sihan <sihanzheng@xxxxxxxxx>
- Date: Sat, 11 Jun 2011 09:00:50 -0400
On 11/06/2011 2:29 AM, Georgi Guninski wrote:
>> if you eliminate 95% of the holes, it may be
>> *effectively* secure, simply because it isn't worth the attacker's time to
>> fight for the other 5%
> wtf?
>
> if someone has working exploit, the probability of breaking is 100% no matter
> what the constant 95% is claimed to be.
>
> about fighting for 5%: malware like nimbda and code red appear
> counterexamples -
> i suppose they automatically fought for 100% and got what they could get
> (quite above your 5%).
>
I tend to think about it this way, everybody knows how to exploit the
95% of holes, only 5% know how to exploit the last 5% of holes.
Generally speaking, the last 5% is harder to exploit, or they only exist
under very specific instances. Or else everyone will know how to exploit
them
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/