RE: [ISN] InfoSec 2003: 'Zero-day' attacks seen as growing threat

From: InfoSec News (isn@private)
Date: Tue Dec 16 2003 - 03:34:14 PST

Next message: InfoSec News: "[ISN] Nagano gov't hackers easily infiltrate 'Big Brother' network"

Previous message: InfoSec News: "[ISN] IPv6 fears seen unfounded"
Maybe in reply to: InfoSec News: "[ISN] InfoSec 2003: 'Zero-day' attacks seen as growing threat"
Next in thread: InfoSec News: "RE: [ISN] InfoSec 2003: 'Zero-day' attacks seen as growing threat"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: Pete Lindstrom <petelind@private>

That is of course the paradox here, but one would think that over time
there would be much more specific information (i.e. real evidence, not
the typical "if I told you I'd have to kill you" nudge, nudge, wink,
wink b.s.) about zero-day attacks after they happened.

AFAIK, the only zero-days that have been identified after the fact
(which by definition is the only way we can identify them) are the
WebDAV exploit earlier this year and Dave Aitel's Real Server exploit.
I would love to add to this list of zero-days that we eventually found
out about if anyone has first-hand accounts...

FYI, I define zero-day exploits as exploits that were used to actually
compromise a system ("in the wild") before the vulnerability was known
to exist by most security professionals (not published on public
security mailing lists - CERT, Bugtraq, Full Disclosure, Vendors,
etc.). Any past examples out there?

I don't agree with your last statement that very few things will pick
up something awry - the really smart security folks are working with
honeypots, ids solutions, and other network monitoring solutions to do
just that. This is an area that requires much more attention and
intelligence - rather than beating on an application looking for new
vulnerabilities.

Pete

Pete Lindstrom, CISSP
Research Director
Spire Security, LLC
www.spiresecurity.com
(w) 610-644-9064
 

> -----Original Message-----
> From: owner-isn@private 
> [mailto:owner-isn@private] On Behalf Of InfoSec News
> Sent: Monday, December 15, 2003 6:14 AM
> To: isn@private
> Subject: Re: [ISN] InfoSec 2003: 'Zero-day' attacks seen as 
> growing threat 
> 
> Forwarded from: "Jack Whitsitt (jofny)" <xaphan@private>
> 
> > Although they have been seen as a major security threat for some
> > time, there haven't yet been any major zero-day attacks.
> 
> ...That anyone has noticed and have also been allowed to report.  
> You'd think someone would mention that due to the fact that theyre
> unpatched and unknown, nothing (well, very few things)  will pick up
> that something is awry.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Nagano gov't hackers easily infiltrate 'Big Brother' network"
Previous message: InfoSec News: "[ISN] IPv6 fears seen unfounded"
Maybe in reply to: InfoSec News: "[ISN] InfoSec 2003: 'Zero-day' attacks seen as growing threat"
Next in thread: InfoSec News: "RE: [ISN] InfoSec 2003: 'Zero-day' attacks seen as growing threat"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Dec 16 2003 - 06:14:01 PST