RE: [ISN] InfoSec 2003: 'Zero-day' attacks seen as growing threat

From: InfoSec News (isn@private)
Date: Tue Dec 16 2003 - 03:34:14 PST

  • Next message: InfoSec News: "[ISN] Nagano gov't hackers easily infiltrate 'Big Brother' network"

    Forwarded from: Pete Lindstrom <petelind@private>
    That is of course the paradox here, but one would think that over time
    there would be much more specific information (i.e. real evidence, not
    the typical "if I told you I'd have to kill you" nudge, nudge, wink,
    wink b.s.) about zero-day attacks after they happened.
    AFAIK, the only zero-days that have been identified after the fact
    (which by definition is the only way we can identify them) are the
    WebDAV exploit earlier this year and Dave Aitel's Real Server exploit.
    I would love to add to this list of zero-days that we eventually found
    out about if anyone has first-hand accounts...
    FYI, I define zero-day exploits as exploits that were used to actually
    compromise a system ("in the wild") before the vulnerability was known
    to exist by most security professionals (not published on public
    security mailing lists - CERT, Bugtraq, Full Disclosure, Vendors,
    etc.). Any past examples out there?
    I don't agree with your last statement that very few things will pick
    up something awry - the really smart security folks are working with
    honeypots, ids solutions, and other network monitoring solutions to do
    just that. This is an area that requires much more attention and
    intelligence - rather than beating on an application looking for new
    Pete Lindstrom, CISSP
    Research Director
    Spire Security, LLC
    (w) 610-644-9064
    > -----Original Message-----
    > From: owner-isn@private 
    > [mailto:owner-isn@private] On Behalf Of InfoSec News
    > Sent: Monday, December 15, 2003 6:14 AM
    > To: isn@private
    > Subject: Re: [ISN] InfoSec 2003: 'Zero-day' attacks seen as 
    > growing threat 
    > Forwarded from: "Jack Whitsitt (jofny)" <xaphan@private>
    > > Although they have been seen as a major security threat for some
    > > time, there haven't yet been any major zero-day attacks.
    > ...That anyone has noticed and have also been allowed to report.  
    > You'd think someone would mention that due to the fact that theyre
    > unpatched and unknown, nothing (well, very few things)  will pick up
    > that something is awry.
    ISN is currently hosted by
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Dec 16 2003 - 06:14:01 PST