[Dshield] MS05-039 exploits prove that patching "window" is getting shorter and shorter and...

Matt.Carpenter@alticor.com Matt.Carpenter at alticor.com
Thu Aug 18 13:01:18 GMT 2005


> > I would like to offer a suggestion to the American public 
> > that are tired of fixing and repairing machines.
> > 
> > Buy an Apple.
> > 
> > Joel
> > 
> 
> Joel, 
> 
> There is no need for that type of comment on this forum.
> It doesn't matter what you have these days; if you are popular, you'll get
> targeted.
> As Apple is in the minority, it doesn't get targeted as much as others do.
> Take Firefox... The greatest non-MS browser in the world as many claim; as
> soon as it became popular, it too became the target of exploits, and the more
> popular it gets the more that will be found.  The same will happen for any
> OS/Application etc., Apple included (when one day it becomes popular and
> mainstream enough for them to concentrate exploit resources at it).
> 
> Let's just concentrate on beating those that are responsible for the exploits
> rather than knocking any one group.

Yeah!  As a full-time Linux user, I was *completely* offended!  ;)
I guess I won't bring up the video clip "mac slam.wmv".  Wait.  Ooops, I 
guess I just did.  It was amusing, but I do digress.

So my own input to this discussion (humor aside):

SO WHAT?

So the window is shrinking.  So what?
We're getting hit with a seemingly continuous barrage of vulnerabilities 
and exploits.  So what?
We have a problem patching all our systems in time.  So what?
SO WHAT?

What can we do about it?
What are we doing about it?
How can we help?

So NOW what?

Take whatever stop-gap solution you are using to keep your organization 
running and regress it.  Consider the next few moves in this chess game we 
all play.  How does it stack up?  Exploit writers are basically working 
ever more towards drag-n-drop exploits (OK, arguably we're already there, 
with frameworks probably very much like Metasploit).  It sure seems like 
these worms were made on an assembly line, bolting on this functionality 
and that.  Groups of Internet thugs gang-fighting in our backyard. 
Thankfully, one of them is removing some adware (greetz to whoever thought of 
that one).  Malware is becoming very readily combined, code reuse making 
it easier to do things with the least amount of testing (although that 
rebooting worm really probably was a mistake).  Somebody set up us the 
bomb! 
How does your patching methodology stack up against 0-day worms?

So what?  What's next?  What's keeping us from fixing the problem?  What 
are the problems (there are several I'm thinking of)?  Can we stay ahead 
of the problems?

We are in the art of defense.  The technologies change, certain tactics 
and mindsets stay the same.  I have a feeling Sun Tzu will enter into the 
discussion before it's done.

So what?  (your turn)