- TalkBack 15 of 31:
- Next »
- « Previous
- Thread View
- Flat View
- So What
-
Ok so it's sort of dickish that HDM published this exploit, but guess what, this attack is already in the wild. Moore and |)ruid just have big ole brass balls for releasing this exploit code publicly.
The fact is the cat is out of the bag, anyone with a modicum of skills can create a similar exploit in a couple hours or even less, and could have done so since at least three days ago when Halvar posted his initial conjecture (ok maybe 1-2 days if you are a pessimist/optimist).
Regardless of what you think about that (I am pretty ambivalent about it, unless you think Halvar is smarter then every blackhat), there is no real harm in it.
As I said, this exploit has been already seen in the wild, the code is out there, if anything this just further illustrates the need to patch your systems. people who are going to exploit this are either already doing so or are preparing to do so very shortly, and with the money at stake for successfully exploiting this you can bet they aren't waiting around for some public exploit code to be released when its so easy to roll their own.
P.S. Ryan, Stop being such a hate monger about this and making it look like the security community is full of petty infighting, Tom apologized for his (I believe) honest mistake. Matasano isn't exactly a no name outfit trying to garner publicity for themselves. I'm sure Kaminsky is pretty upset, to put it mildly, but in the end mistakes happen, lets all grow up. Hell I could even defend Halvar talking about the bug by saying that security through obscurity ain't the best. This just sped up peoples patch cycles a bit, it's not the end of the world. - Posted by: KStads Posted on: 07/23/08 (Edited: 07/23/2008 @ 10:42) You are currently: a Guest | Members login | Terms of Use
What do you think?
SponsoredWhite Papers, Webcasts, and Downloads
- The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
- Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
- Live Webcast: Activate Today! Realize ROI with Intel(r) vPro? Technology and LANDesk Intel Join the team from the Intel vPro Expert Center for an informative Webcast ... Download Now
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer >>
- Learn more about tools to grow your business
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Save time with the UPS Business Essentials Guide
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
IT Solutions for 2010
- Get cost-effective strategies and roadmaps on the most important issues facing IT leaders in 2010! Learn how to easily cut costs and deliver greater efficiency starting with your database, IT compliance management and data center. Visit the IT Leaders Dashboard. Visit the IT Leaders Dashboard.
-
- Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline
-
