https://cybersecpolitics.blogspot.com/2019/05/baltimore-is-not-eternalblue.html … @nicoleperlroth @riskybusiness That article is badly researched and I didn't have time to do a line by line correction, but I did some of it.
-
-
IMHO and without taking sides on the bigger discussion, it's less about the vuln itself, but more about the robustness ("NSA grade“) of the exploit: reliable, cross Windows versions, easy payload integration etc.
-
Sure, but that's just software engineering. You can make a flappy bird clone in an evening, but it's not going to run on much other than your desktop until you do some testing and get some bug reports. Nothing exploit specific there, that's just how sw development works?
- 6 more replies
New conversation -
-
-
There’s an interesting data point with MS17-010, the patch which fixed EternalBlue.exe exploit - it was released months beforehand, and basically nobody cared except zerosum.
-
There are professional teams who reverse engineer and bindiff every patch, they care about every patch - we've hired some of them. I guess you mean nobody blogged about it? That's not unusual, but doesn't mean very much.
- 7 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.