
Re: [Full-disclosure] Facebook Attach EXE Vulnerability



Yes, to a certain degree it's all about "Saving FACE"... however, FB's
30-member integrity team is only bothered about how to manage the vectors
that have been primed to protect.

FB is the largest network "protected"... (YES, big word, Protected!!) They
have over 25B checks per day, reaching up to 65K/sec at peak. Building
an Immune System as large as FB's takes time, but it's only on known
vectors. The unknown is never realized unless one is willing to collaborate
and confirm with the user/community. Large orgs have the syndrome of living
in the "ivory tower", and that is the biggest downfall.

What could have happened if a zero day was filed and alternative markets
were sought with this bug? Yes, alternative markets pay better!... but
just saying... what were the damage ratios to users?


/pd

On Tue, Nov 1, 2011 at 9:03 AM, Mikhail A. Utin
<mutin@xxxxxxxxxxxxxxxxxxxx> wrote:

> Face Book is trying to save its face. It's typical.
> I got the same answer from SonicWALL one year ago when I discovered that
> simple internal network scanning (Nessus, Nmap, etc.) brings down the entire
> network. The firewall internal TCP connections stack was overloaded within
> a few seconds (IPS is not enabled), thus was not accepting new connections.
>
> Mikhail A. Utin, CISSP
> Information Security Analyst
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/