[Dailydave] Cows
Jared DeMott
jdemott at vdalabs.com
Mon Dec 4 20:16:03 UTC 2017
I make this point a lot also - to folks feeling overwhelmed - keeping the
pace with info overload is new. It's a very interesting challenge. :)
On Mon, Dec 4, 2017 at 3:08 PM, Dave Aitel <dave at immunityinc.com> wrote:
> So for a while it was like being on a treadmill trying to keep up with
> the security communities technical advances. These days, it's like being a
> guy on a skateboard while several fireman shoot you with firehoses from
> different directions. Even staying current on one platform seems impossible
> for super-experts.
>
> I say this, because I noted someone pointing out that the DirtyCow patch
> maybe didn't work, and maybe didn't work in an exploitable way. Look, I'll
> be honest, I didn't even have time to read the analysis yet, and when I'm
> doing dishes even I've got the phone propped up so I can watch whatever
> videos HITB released that week. But nobody can keep up. Which is a somewhat
> new phenomenon really.
>
> I saw people on the Steptoe podcast pointing at this:
> https://www.recordedfuture.com/chinese-vulnerability-reporting/ report
> which "shows" that the Chinese have their own version of the VEP, as for
> some bugs they were demonstrably a lot later than for every other bug.
>
> Here's my point as it relates to policy wonks and the VEP: Nobody has the
> number of vulnerability researches on hand who could tell them that THEIR
> version of DirtyCow was or was not properly patched by the publicly
> reported patch/vuln. The workload for knowing if any two bugs are the same
> bug or if any patch actually worked is so much higher than is publicly
> discussed. I mean, half of twitter is just Steffan Esser pointing and
> laughing at Apple's security engineers these days.
>
> -dave
>
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
>
--
Thanks,
Dr. Jared DeMott
Founder, VDA Labs
www.vdalabs.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/dailydave/attachments/20171204/d847616c/attachment.html>
More information about the Dailydave
mailing list