North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: AV/FW Adoption Sudies
On Thu, 10 Jun 2004 08:50:18 PDT, Eric Rescorla said: > Valdis.Kletnieks@vt.edu writes: > > Remember that the black hats almost certainly had 0-days for the > > holes, and before the patch comes out, the 0-day is 100% effective. > > What makes you think that black hats already know about your > average hole? Because unlike a role playing game, in the real world the lawful-good white hats don't have any deity-granted magic ability to spot holes that remain hidden from the chaotic-neutral/evil dark hats. Explain to me why, given that MS03-039, MS03-041, MS03-043, MS03-044, and MS03-045 all affected systems going all the way back to NT/4, and that exploits surfaced quite quickly for all of them, there is *any* reason to think that only white hats who have been sprinkled with magic pixie dust were able to find any of those holes in all the intervening years?