@attritionorg only need to worry about 0-day if I don't have the other kind. At least I can theoretically patch the non-0 days or alt control
@seccubus Theoretically you can. Reality, you can't know when a vuln lib is used in something you have deployed, and don't realize.
@attritionorg just read up on your trail with Dan. Dealing with unknown unknowns requires resiliency iso security.
@seccubus 10 0day = unknown unknowns. how about the 10k "unknown knowns" =)
@attritionorg 1 hole can sink a ship, but plenty of ships have holes and cross the ocean.
@seccubus you think that of the 10k holes, a few aren't as big as the 'sink' ones?
@attritionorg that's why I believe in solutions like #bromium have the future, and av is losing the race.
@seccubus these are classic vulns, not malware/virus. you wouldn't expect AV to catch any of them.
New conversation
@attritionorg What is the vendor response to the 10,000 known vulns? Patch available?
@gdbassett Not 10k vulns in *one* vendor. Say 10k vulns in 9k vendors for sake of argument.
@attritionorg then vendors' responses. 0'days are known security bypass. known vulns are 0'days that are less likely to work.
@gdbassett @attritionorg If vendors have issued patches, that decreases likelihood of vulns working further. being in vuln scanners ...
@gdbassett Now you get to one root of the question. Patch exists, but nothing detects it... do companies actually patch?
@attritionorg it's a question of their patch/config mgmt process. Assuming single target, highly target dependent.
@gdbassett Exactly. But safe to assume that maybe half get patch management right, if not less, right?
End of conversation
New conversation
@attritionorg As an outlier, I think the 0days would be preferable if in hard to update systems (e.g. Mainframe, firmware, protocols)
@ChrisJohnRiley Disagree. Hard to update = the known issues hard to update (aka the 'forever day' bugs). 0day doesn't matter to those.
@attritionorg That's a conversation to have over alcohol I think… 140 chars just aren't enough (as usual)
@ChrisJohnRiley agree, pencil me in!
End of conversation
New conversation
@attritionorg prob 10 0-day. demands a more focused approach to attack (vs spray and pray)
@caseyjohnellis Even when the 0day is detected and 100 news articles result, making subsequent use that much more difficult?
@attritionorg ahh... if you're going to introduce new variables to the question then I'm going to default to "it depends" :)
@caseyjohnellis I've clarified some points (in regular tweet, not reply). That change the answer?
@attritionorg yeh based on your clarification the 10k are as good as 0-day so yeh, change and lock in the 10k eddie
End of conversation