
List:       dailydave
Subject:    [Dailydave] 0days Post
From:       Dave Aitel <dave.aitel () gmail ! com>
Date:       2019-02-13 18:51:15
Message-ID: CAAVrE9SjfY+zd3OUnsO_GxjBdo+xz4RjeNJQi=YKcG54LkauWA () mail ! gmail ! com

When in the course of human events, it becomes necessary for one person to
communicate information about an unknown vulnerability to the public, they
often do not do so in the manner to which you might expect: With all due
pomp and circumstance, a ringing of the sacred bells, a phone call to Kim
Zetter, and that sort of thing.

Instead, they announce their talk title as "TBD LOL!", put a code fragment
into their Keynote slidepack with the subtitle, "Could be interesting, who
knows!" or publish a slight update to their github repo with targets that
date back to SunOS4.

A friend of mine said recently "Hey, so I told someone that this particular
talk at INFILTRATE isn't going to have any 0day in it." But wait. For a lot
of people, just knowing what is exploitable and what might not be is worthy
of the title. Maybe the talk doesn't give out "the bug" but it gives out a
class of bugs. It gives out a bug that looks a bit like the bug. It gives
out the roughshod cadence of government employees dancing to 90's techno at
Nations after having read the source code of the bug earlier in the day.

What I mean to say is this: what is and is not a mirror depends on your own
eyes. 0day is most often about the thing Rumsfeld
<https://en.wikipedia.org/wiki/There_are_known_knowns> forgot: The unknown
knowns.

-dave

_______________________________________________
Dailydave mailing list
Dailydave@lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave

