Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How do I defend against 0day?

From: Jeffrey Czerniak <jeffcz () gmail com>
Date: Mon, 20 Apr 2009 12:02:21 -0400
On Mon, Apr 20, 2009 at 11:37 AM, Halvar Flake <halvar () gmx de> wrote:

I hope my post is not perceived as horribly rude, and please be aware
that I do not intend to offend in any way. And apologies up front if I do.

Is this a serious post ?


Yes.

On Mon, Apr 20, 2009 at 11:45 AM, Andre Gironda <andreg () gmail com> wrote:

Every 0-day threat is different.  Imagine telling doctors that they
can't allow disease, infections, et al to spread in a dying patient in
order to determine root-cause (ala House, the TV show).  If you are
interested in understanding the problem, then you should also be
interested in "hacking into other people's computers" (or at least
your own computers).


Ok, I'll accept the premise.  So let's say I buy CANVAS with all the
extra toppings, and use it to hack into my own machine.   From the
self-administered pen test, I discover that I'm vulnerable to x remote
root exploits, and that my browser can be exploited via y different
heap overflows in Firefox.

If I am a rational decision-maker, what do I do with this information?
  My first instinct would be to tell the vendors, "fix this stuff
now!"    But according to immunitysec.com, I can't do that since
CANVAS et al. are protected via NDA.

So how do I leverage this new information to make myself safer and/or
more secure?

Jeff
geekable.com
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: