Date: Thu, 27 Jun 2002 18:37:05 +1000 (Australia/ACT)
From: Darren Reed <avalon@coombs.anu.edu.au>
To: deraadt@cvs.openbsd.org (Theo de Raadt)
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Wow (or, How Theo should have handled it)
Message-ID: <200206270837.SAA17907@caligula.anu.edu.au>
In-Reply-To: <200206270743.g5R7hswj029148@cvs.openbsd.org> from "Theo de Raadt" at Jun 27, 2002 01:43:54 AM
In some mail from Theo de Raadt, sie said:
[...]
> I still do not believe ISS that this thing was wild.  If it was, we
> would already have seen it on BUGTRAQ, because wild does not mean that
> someone has an exploit.  Wild means it is being distributed in an out
> of control fashion, and people are starting to use it.  As of the
> posting time -- it was not wild.  I estimate that in more than half of
> the cases, as soon as a bug goes wild, it gets posted because whoever
> wrote it wants their credit.
[...]

This discrepancy is, I believe, just a misunderstanding of what they
term wild vs what you term wild.  You're using the term "wild" as in
"wildfire" whereas they might mean "wild" as in it's out there,
somewhere, perhaps hiding, lurking, not in your control, not everywhere
but waiting to jump you when you least expect it - more like a wild cat.

I think you're wrong on the exploits being published - there's current
evidence that strongly suggests things can be kept quiet, "in the wild",
for months before they end up on bugtraq.  Neils might be able to tell
you more about that but not I.  Current thinking is that if there's any
trend in hackerdom then it is away from publishing exploits.  Why ?
Well, it defeats their own ability to break into stuff, doesn't it ?

I also have some reason to believe that the likes of ISS would have more
of an inclination than you about "what's out there".  This isn't to
insult you but rather they have dedicated resources whose paid job it is
to find this stuff out (xforce).

Choose what you wish to believe, but be careful about interpreting what
others say, without asking them first, if it is not clear.

Darren

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
