Re: [Full-disclosure] Absolute Sownage (A concise history of recent Sony hacks)

[coderman <coderman@xxxxxxxxx>]

On Fri, Jun 10, 2011 at 11:29 PM, Georgi Guninski <guninski@xxxxxxxxxxxx> wrote:
>> if you eliminate 95% of the holes, it may be
>> *effectively* secure, simply because it isn't worth the attacker's time to
>> fight for the other 5%
>
> wtf?
>
> if someone has working exploit, the probability of breaking is 100% no matter 
> what the constant 95% is claimed to be.

consider it this way: when programming the "weird machine" to do your
bidding some vectors to vuln are context-agnostic and readily
repeatable. (the 95%)

the other 5% are present in the specific configuration or context of
system under attack and thus require actual technical ability and
insight to traverse the vuln vectors. (or exploit chain, or attack
tree, or whatever you want to call it.)

cover the 95% and you won't be an HBGary, Sony, LulzSec target.

however, don't interpret this as evidence you can't get hacked six
ways to sunday by someone with the skillz.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/