From: Charles Miller (cmiller securityevaluators.com)
Date: Mon Sep 01 2008 - 18:05:49 CDT
First off, I'm not a MS hater. I'm sure MS has security guys better
than many security experts, no doubt better than myself. That is not
the point. The point is, it only takes one or two of the best exploit
developers to make a reliable exploit and it is very hard to predict
what these guys can do. (and I stand by my statement that MS doesn't
employ the BEST exploit developers - why would they?) It seems to me
to be inherently unpredictable to predict how reliable a particular
vulnerability is. For example, I'm sure MS was unaware that you could
defeat ASLR and reliably exploit IE bugs until Alex and Mark told them.
Charlie
On Sep 1, 2008, at 5:05 PM, ergosum wrote:
> On Thursday 28 August 2008 00:43:43 Charles Miller wrote:
>> But the problem is, if there are only a handful of people who can make
>> a reliable exploit for a particular vulnerability (or not) and none of
>> them work for MS, how can MS accurately determine whether an exploit
>> for a particular vulnerability will be somewhat reliable or totally
>> reliable (or not possible at all)? Doesn't anyone remember
>> gobbles :)
>>
>
> Charles, no offense, but the MS Security team has several members who can
> make reliable exploits, probably much better than many "security experts".
> So, don't take for granted that MS is full of crap because that shows your
> lack of knowledge about them.
>
_______________________________________________
Dailydave mailing list
Dailydave lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave