[Dailydave] Movies, ponds, and MS08_025.
Stephen John Smoogen
smooge at gmail.com
Tue Apr 8 16:53:25 EDT 2008
On Tue, Apr 8, 2008 at 1:51 PM, Dave Aitel <dave at immunityinc.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Movies: http://www.immunityinc.com/documentation/ms08_025.html
>
> Ah, the fun of a picture that changes over time. I guess the point with
> that little flash screencast is: It's not "exploit Wednesday"[1] anymore.
>
> Everyone's instinct is to attack the most secure platform - for example,
> when a patch only affects IE6, people think "whatever", but then I get
> emails from people who's entire large government organizations are
> standardized on IE6. So IE6 bugs ARE important, which is nice because
> it's a much deeper pond to fish in.
>
> - -dave
>
> [1] I really hate that term anyways. It implies that exploits derive
> from patches, instead of the other way around. It sounds like something
> Jeff Jones would come up with. :>
Well there are a bunch of people who only look at what is patched and
then use it for their own feeding fests. They are also the ones
usually caught/stopped/etc and so it makes it look more like exploits
come from patches versus the other. The smart guys who rarely get
caught or attention have been using the vulnerability for a lot
longer.
Yes, it is quite common that IE6 is in heavy usage.. its one of the
reasons I saw Vista being delayed at a site. All the business tools
only work with IE6 and so that is what everyone uses. Some places are
trying to limit attack vectors by putting IE6 and god awful old
versions of Word in VM's that the users connect to. However, how
secure or useful that is.. I am not sure.
As you said, the flashy get the flag in Vista etc is the eye candy
that gets reporters, blogs, etc attention. The finding an exploit in a
5-7 year old version of Word gets poo-poo'd but since 80% of your
'moneyed' victims are still using it.. its what you want (plus you
don't grab the attention that might get you busted sooner.)
--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
More information about the Dailydave
mailing list