Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[Dailydave] WMF and the Windows Vulnerability Drought :>
From: Dave Aitel (daveimmunityinc.com)
Date: Mon Jan 02 2006 - 15:20:26 CST
-----BEGIN PGP SIGNED MESSAGE-----
So I'm not sure why Sans Diary has people calling HD Moore
irresponsible, when all he did was point out the brutally obvious: You
can't write reliable network IDS signatures for these client side
bugs. If it's going to annoy you a lot when people pad the exploit to
match an MTU header, then it's going to REALLY annoy you when we set
our MTU size to be 40 bytes, and use tiny HTTP Chunks for a Gziped
file over SSL after doing several prior null requests . I haven't done
a lot of testing with commercial IDS's, but I can pretty much
guarantee signature based IDS isn't going to find Immunity's version.
That probably goes for other people writing exploits that Sans isn't
able to get their hands on.
And you don't want a patch (although kudo's to Ilfak for writing one!)
- - you want code to be designed securely when it gets delivered to you.
Relying on a patch just means you've been owned for the past 5 years
without knowing it.
When people in this industry call other people irresponsible, what
they usually mean is they're upset for getting hit over the head with
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----