-
April 11th, 2005, 02:45 PM
#11
Perhaps it could have been worded better.
Security tools and software patches prevent exploits
Just my thoughts
Security tools and software patches -WHEN APPLIED- prevent -THE USE- of exploits.
Like zengger said, patches just publicly announce the exploit. If an admin doesn't patch the hole then all the patch release is doing is advertising an opening. This of course all falls back to the replies about lack of user security practices.
-
April 11th, 2005, 03:05 PM
#12
Myth #5: Security tools and software patches make everybody safer
I think that this statement is relatively true. Security tools and patches are published in order to prevent black hats from exploiting them. They will find another way to break into systems though. This circulation won't stop, it is the war between the good and the evil.
Why this statement is really rational?? Because many vulnerabilities have been patched after exploiting them over real companies... Black Hats won't work hard and then tell vendors and OEMs about this vulnerability. Am I right here? They will take the most out of it {Until they know about this vulnerability}. What would prevent them from accessing your data after finding new vulnerability and apply it on your system... This statement can't be more accurate than here.... Here I am not encouraging people not to patch their systems, no. But rather saying truth... Who imagined that one day Yahoo!, CNN, Amazon would stop serving people because of DoS attack??? It is just about finding new ways into things...
We have to keep our systems updated and patched, we have to linger bad people and make things harder for them....
Just my $0.02
Cheers
"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts".....Spaf
Every time I learn a new thing, I discover how ignorant I am.- ... Black Cluster
-
April 11th, 2005, 04:02 PM
#13
What I said was, perhaps that Myth #5 should have been reworded to
Security tools and software patches prevent exploits
Again, these are Myths.
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
-
April 11th, 2005, 04:33 PM
#14
No they don't. They only prevent exploitation of existing and known vulnerabilities.
Tsk, tsk. I'm very surprised, MsMitts. Your statement is false. HPING, a security tool that I use all the time to document unknown vulnerabilities, is one example of a security tool used to find unknown vulnerabilities. This is one example of many...
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
April 11th, 2005, 04:41 PM
#15
This article on SecurityFocus expands a bit on myth #4 in particular.
http://www.securityfocus.com/columnists/313
-
April 11th, 2005, 04:43 PM
#16
Tools can also be used to detect changes in normal patterns to alert of a possibility of an unknown issue. For example, a 100 percent increase in normal email traffic. An overload of NEW file shares. Etc...
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
-
April 11th, 2005, 05:07 PM
#17
Your statement is false. HPING, a security tool that I use all the time to document unknown vulnerabilities, is one example of a security tool used to find unknown vulnerabilities.
I was thinking of the scanning tools specifically. Mea culpa
-
April 11th, 2005, 06:46 PM
#18
We'll let you slide just this once.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
April 11th, 2005, 07:03 PM
#19
I don't like where he seems to be going with #5, about patches not making
you safer. His argument seems to be that the bad guys will "reverse engineer"
the patch in order to "discover" the vulnerability it was written to fix.
HELLO! The vulnerability already exists and you must presume that if they don't
already know it on their own, they will figure it out soon enough. This is more "security by obscurity"
reasoning. Since the patch can't be distributed secretly, your choice is to distribute
it publicly, risking that someone (horrors!) will study it, or not at all.
Just ignore those holes and maybe they'll go away.
I came in to the world with nothing. I still have most of it.
-
April 11th, 2005, 07:17 PM
#20
Originally posted here by rcgreen
I don't like where he seems to be going with #5, about patches not making
you safer. His argument seems to be that the bad guys will "reverse engineer"
the patch in order to "discover" the vulnerability it was written to fix.
I think the article was suggesting that the black hats will/can study the patch to see if it truly fixes what it is supposed to (not all patches work as intended) and also to see if it opens up any new holes in the OS.
~Halv