Forwarded from: Pete Lindstrom <petelind@private>

That is of course the paradox here, but one would think that over time
there would be much more specific information (i.e. real evidence, not
the typical "if I told you I'd have to kill you" nudge, nudge, wink,
wink b.s.) about zero-day attacks after they happened. AFAIK, the only
zero-days that have been identified after the fact (which by
definition is the only way we can identify them) are the WebDAV
exploit earlier this year and Dave Aitel's Real Server exploit.

I would love to add to this list of zero-days that we eventually found
out about if anyone has first-hand accounts...

FYI, I define zero-day exploits as exploits that were used to actually
compromise a system ("in the wild") before the vulnerability was known
to exist by most security professionals (not published on public
security mailing lists - CERT, Bugtraq, Full Disclosure, Vendors,
etc.). Any past examples out there?

I don't agree with your last statement that very few things will pick
up something awry - the really smart security folks are working with
honeypots, ids solutions, and other network monitoring solutions to do
just that. This is an area that requires much more attention and
intelligence - rather than beating on an application looking for new
vulnerabilities.

Pete

Pete Lindstrom, CISSP
Research Director
Spire Security, LLC
www.spiresecurity.com
(w) 610-644-9064

> -----Original Message-----
> From: owner-isn@private
> [mailto:owner-isn@private] On Behalf Of InfoSec News
> Sent: Monday, December 15, 2003 6:14 AM
> To: isn@private
> Subject: Re: [ISN] InfoSec 2003: 'Zero-day' attacks seen as
> growing threat
>
> Forwarded from: "Jack Whitsitt (jofny)" <xaphan@private>
>
> > Although they have been seen as a major security threat for some
> > time, there haven't yet been any major zero-day attacks.
>
> ...That anyone has noticed and have also been allowed to report.
> You'd think someone would mention that due to the fact that they're
> unpatched and unknown, nothing (well, very few things) will pick up
> that something is awry.
This archive was generated by hypermail 2b30 : Tue Dec 16 2003 - 06:14:01 PST