Re: how often do 0-days REALLY happen?

From: Greg Francis (francisat_private)
Date: Tue Jan 08 2002 - 16:41:07 PST

    I learned the hard way that exploits can occur very rapidly once the exploit
    is announced. I was administering a Unix server and a particular IMAP
    exploit was announced. Being relatively new to server admin, I didn't do
    anything about it for a couple of days. Within the first week, the server
    had been exploited. I happened to be logged on when the exploit occurred, so I
    was able to respond quickly and get it offline.
    
    I've since learned to install patches with high vulnerability quickly. I'm
    still reluctant to install certain Microsoft patches because they sometimes
    break things but it's either face that risk or a potential attack.
    
    Greg
    
    
    on 1/8/02 3:53 PM, leon at leonat_private wrote:
    
    > Hi everyone,
    > 
    > I have been reading this list for a couple of years now and I just
    > got done reading hacker's challenge.  Great book (hi to everyone who
    > contributed and reads this list, I know David D is one of them).  The
    > book is quite unique in how it goes about presenting itself.
    > Basically it is 20 challenges (here is what happened, here are the
    > logs, and here are some questions).  At the end of the book are the
    > solutions (how a security professional figured out xy and most
    > importantly z).  The reason I wrote the subject heading as I did is
    > because throughout the book they show case after case of remote
    > exploit all for vulns that are months old.  On this list and the sec
    > basics I constantly (relative I know) hear people talking about being
    > compromised by vulns that patches have been available for, for
    > months.  So I ask upon you incidents list (ye who have SO MUCH more
    > experience than I) do systems being compromised by zero day exploits
    > really happen (I am sure they happen but I am really curious as to
    > the frequency and how a professional goes about dealing with a never
    > seen before exploit.)  Just figured I would throw that out there and
    > see how everyone responds because I was thinking about it on the walk
    > home (hey, shoot me, it is cold in nyc, gotta do something to keep
    > from freezing). 
    > 
    > Cheers & TIA,
    > 
    > Leon
    
    
    -- 
    Greg Francis
    Sr. System Administrator
    Gonzaga University
    francisat_private
    509-323-6896
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Jan 08 2002 - 21:39:00 PST