Re: how often do 0-days REALLY happen?

From: Greg Francis (francisat_private)
Date: Tue Jan 08 2002 - 16:41:07 PST

Next message: Ryan Russell: "Re: how often do 0-days REALLY happen?"

Previous message: leon: "how often do 0-days REALLY happen?"
In reply to: leon: "how often do 0-days REALLY happen?"
Next in thread: Ryan Russell: "Re: how often do 0-days REALLY happen?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I learned the hard way that exploits can occur very rapidly once the exploit
is announced. I was administering a Unix server and a particular IMAP
exploit was announced. Being relatively new to server admin, I didn't do
anything about it for a couple of days. Within the first week, the server
had been exploited. I happen to be logged on when the exploit occurred so I
was able to respond quickly and get it offline.

I've since learned to install patches with high vulnerability quickly. I'm
still reluctant to install certain Microsoft patches because they sometimes
break things but it's either face that risk or a potential attack.

Greg


on 1/8/02 3:53 PM, leon at leonat_private wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi everyone,
> 
> I have been reading this list for a couple of years now and I just
> got done reading hacker's challenge.  Great book (hi to everyone who
> contributed and reads this list, I know David D is one of them).  The
> book is quite unique in how it goes about presenting itself.
> Basically it is 20 challenges (here is what happened, here are the
> logs, and here are some questions).  At the end of the book are the
> solutions (how a security professional figured out xy and most
> importantly z).  The reason I wrote the subject heading as I did is
> because throughout the book they show case after case of remote
> exploit all for vulns that are months old.  On this list and the sec
> basics I constantly (relative I know) hear people talking about being
> compromised by vulns that patches have been available for, for
> months.  So I ask upon you incidents list (ye who have SO MUCH more
> experience then I) do systems being compromised by zero day exploits
> really happen (I am sure they happen but I am really curious as to
> the frequency and how a professional goes about dealing with a never
> seen before exploit.)  Just figured I would throw that out there and
> see how everyone responds because I was thinking about it on the walk
> home (hey, shoot me, it is cold in nyc, gotta do something to keep
> from freezing). 
> 
> Cheers & TIA,
> 
> Leon


-- 
Greg Francis
Sr. System Administrator
Gonzaga University
francisat_private
509-323-6896


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Ryan Russell: "Re: how often do 0-days REALLY happen?"
Previous message: leon: "how often do 0-days REALLY happen?"
In reply to: leon: "how often do 0-days REALLY happen?"
Next in thread: Ryan Russell: "Re: how often do 0-days REALLY happen?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jan 08 2002 - 21:39:00 PST