[Dailydave] Top10 Blowing Chunks :>

Dave Aitel dave at immunityinc.com
Wed Sep 18 12:14:29 EDT 2013


From an attacker's perspective this is the defender attacking the
exploit supply chain - where there are two parties, one which writes the
exploits and the other which uses them, it's hard to cycle new targets
into the mix. Hence, the target that is most prolific is the one that
has been QA'd and tested. If you are three revs back, you are likely to
still be vulnerable, but not tested against, and hence, not owned.

This is a problem for people who use products like CANVAS, MSF, CORE,
etc. - none of us can afford to target or QA every possible
configuration of IE, for example.

The counter-example is a tightly integrated attack and R&D team. In this
case older is definitely not better. Many of your top-tier hackers are
fully integrated like this (sometimes in just one person), and the
combination is pretty devastating no matter what you're running, imho.


-dave


On 9/18/2013 6:23 AM, dan at geer.org wrote:
> Wolfgang, Once upon a time it was shown that the most attacked
> versions of software tended to be one revision off of current,
> leading to the strategy that you should keep up or stay well behind
> (like a herd animal either staying in the center of the herd or
> hiding in the bush but *never* being in the trailing edge of the
> herd as that's where the predators were).  Coupled with the observed
> propensity of so many software houses to have upgrades that add
> all-but-gratuitous features, it seemed almost preferable to take
> the hide-in-the-bush strategy if you had any technical skill at
> all.
>
> Expand on this in whatever direction you can, if you like.
>
> --dan
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave

