Re: Internet Explorer 0day exploit
> ideal world. Many of the advisories I look at almost always cover the
> same type of vulnerability. Shouldn't we have learned by now, if we
> consider your argument?

It's been a while, but one of the great things I've seen Bugtraq used for is 
to look at the distribution of vulnerabilities. In the past few years, my 
perception is that there's been a decline in the number of buffer overflow 
attacks and most of what we see today are web attacks like cross-site 
scripting and remote file injection. Seeing these trends is important because 
it tells us as a community where we need to focus our efforts.

> However, perhaps one/I just need to shift the way I look at advisories.
> Rather than seeing them as "late" and "out-of-date", they could be an
> additional source of information about a particular system. I'll accept
> that.

That too. Let me tell you, if I ever need to set up a web forum for 
something, I'm going to look at Bugtraq to see what the track record is for 
the systems I'm considering.

> are almost at the verge of being completely void. A remedy for that
> would be to have the security community agree on a common "advisory
> protocol" that defines a guideline for contents in an advisory. Anyways,

Great idea! Much like the RFP vendor notification policy (which I haven't 
seen mentioned in a while, so I encourage everyone doing vulnerability 
research to see http://www.wiretrip.net/rfp/policy.html). Anyone care to 
propose a template? (Presumably if someone whom the community respects does so, 
it's more likely to catch on.)

Terry

import standard.disclaimer;