Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How do I defend against 0day?

From: Nate Lawson <nate () root org>
Date: Mon, 20 Apr 2009 17:36:53 -0700
Jeffrey Czerniak wrote:

On Mon, Apr 20, 2009 at 11:45 AM, Andre Gironda <andreg () gmail com> wrote:

Every 0-day threat is different.  Imagine telling doctors that they
can't allow disease, infections, et al to spread in a dying patient in
order to determine root-cause (ala House, the TV show).  If you are
interested in understanding the problem, then you should also be
interested in "hacking into other people's computers" (or at least
your own computers).


Ok, I'll accept the premise.  So let's say I buy CANVAS with all the
extra toppings, and use it to hack into my own machine.   From the
self-administered pen test, I discover that I'm vulnerable to x remote
root exploits, and that my browser can be exploited via y different
heap overflows in Firefox.

If I am a rational decision-maker, what do I do with this information?
  My first instinct would be to tell the vendors, "fix this stuff
now!"    But according to immunitysec.com, I can't do that since
CANVAS et al. are protected via NDA.

So how do I leverage this new information to make myself safer and/or
more secure?


You find a mitigating approach ("disable javascript in PDF readers" or
"switch from acrobat reader to preview" or "add Diehard to PDF reader in
addition to browsers") and apply it to your desktops. Then you re-test
and make sure you've fixed the problem.

If this doesn't make sense to you or sounds too hard, then you're
probably not in an organization where 0-day matters. Relax and wait for
vendor patches that will appear some year.

-- 
Nate
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: