[Dailydave] How do I defend against 0day?
Jeffrey Czerniak
jeffcz at gmail.com
Mon Apr 20 12:02:21 EDT 2009
On Mon, Apr 20, 2009 at 11:37 AM, Halvar Flake <halvar at gmx.de> wrote:
> I hope my post is not perceived as horribly rude, and please be aware
> that I do not intend to offend in any way. And apologies up front if I do.
>
> Is this a serious post?
Yes.
On Mon, Apr 20, 2009 at 11:45 AM, Andre Gironda <andreg at gmail.com> wrote:
> Every 0-day threat is different. Imagine telling doctors that they
> can't allow disease, infections, et al to spread in a dying patient in
> order to determine root-cause (ala House, the TV show). If you are
> interested in understanding the problem, then you should also be
> interested in "hacking into other people's computers" (or at least
> your own computers).
Ok, I'll accept the premise. So let's say I buy CANVAS with all the
extra toppings, and use it to hack into my own machine. From the
self-administered pen test, I discover that I'm vulnerable to x remote
root exploits, and that my browser can be exploited via y different
heap overflows in Firefox.
If I am a rational decision-maker, what do I do with this information?
My first instinct would be to tell the vendors, "fix this stuff
now!" But according to immunitysec.com, I can't do that since
CANVAS et al. are protected via NDA.
So how do I leverage this new information to make myself safer and/or
more secure?
Jeff
geekable.com