Security tooling anecdote: Back in the day, I got rejected for a Black Hat talk about Dranzer. Reason: we weren't releasing the tool. At the time, CERT was very afraid of "bad people" using it. Years later and Dranzer public, Microsoft has all but removed ActiveX from browsers.
Weren't COMRaider and AxMan already public at the time? Dranzer was probably better, but people were popping those ActiveX anyway. Maybe it would lead to an overall awareness that ActiveX had to go and accelerate its death.
Yeah. But they both had very large blind spots (none checked for overflows via initialization data), and also didn't seem to be easy to automate. Those aspects combined allowed me to find about a thousand different vulnerabilities with virtually zero user interaction. pic.twitter.com/RA6KltcLEy
IMHO: Unlikely. Either the MS response would not have been significantly faster, or the value of some modest gain in speed of remediation would not have outweighed the damage. Interesting, though, that even back then, if you wanted to get a con slot, a public drop was a big deal.
Yeah, I received a declination for my submission to Black Hat 2008 with this as the entire contents of the feedback, and nothing more: "If they aren't releasing the tool, then why would I care to see this?" We released Dranzer to the public the next year in 2009.
Maybe not. Attitudes have changed since then, and I'm somewhat certain if CERT had released the tool, the response would have been "meh" while actors went Christmas shopping.