I know this argument has been going on for years and years, but the debate about God's existence has been going on for longer. Security has a while to go before people worship in our churches.
I would love to see if I am going completely wrong. This time the staging ground is Susan Bradley's blog. A quick summary is that Susan is arguing that disclosure of an exploit (or technical details) at the same time as the patch release doesn't give administrators time to patch and is, therefore, irresponsible. My counter is that the patch can be used to reverse engineer an exploit and that the technical details or exploit are useful for other tools, such as Snort, Nessus, OVAL or virus signatures, which are often the front line during patching.

OSVDB and a few other places have pointed out Halvar's new movie demonstrating his company, SABRE, and their product BinDiff, a plugin to the IDA disassembler. In the demonstration the MS05-025 patch is disassembled and the vulnerability that was patched
Tracked: Jun 26, 15:02