Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Haroon Meer (haroonsensepost.com)
Date: Tue Jan 19 2010 - 04:30:09 CST
Hi Dave (all)
On 15 Jan 2010, at 20:39, dave <daveimmunityinc.com> wrote:
> ...... Perhaps the era of IDS and AV and scanners has come to an
> abrupt end? We can only hope.
> Everyone says an attack is "sophisticated" whenever any 0day is
> involved. But that should be the baseline. Or rather, it IS the
> and everyone seems to just be finding out.
> One of the things Immunity has been including in our services but is
> offering seperately is a client-side 0day penetration test against a
> single host using CANVAS technology. You get your penetration verified
> during phone consultation. And you receive real-time analyst
> interpretation of results, plus delivery of log data at the end. For
> more information you can contact markimmunityinc.com.
I'm not usually the first person to defend IDS or AV, but contrasted
with a "client-side 0day penetration test against a single host" it
raises an interesting question..
If we do assume that 0day is the baseline, then surely a test that
exposes a host to a subset of 0day (without some sort of *cough*
heuristic defence or detection) achieves very little?
Ie. To misuse the quote, I would now know that I can be owned by known
(by canvas subscribers) unknowns, but it says nothing new of my
education/stance to the unknown unknowns. (If I assumed from the start
that 0day was the baseline.. Then I have learned nothing new from this
If I was using the test to determine how my sandboxing worked, it
could make sense. If I was testing to see how my "anti exploitation
mechanisms" were working it could make sense. In the absence of any
sort of reactive defence, is there value in a semi-automated "click
here to get owned by 0day you can't currently defend against" type of
 Unless of course you are a vendor, and find it cheaper to capture
the CANVAS 0day list this way, instead of signing up for a subscription
+27 83 786 6637
** CRM114 Whitelisted by: From haroonsensepost.com **
Dailydave mailing list