Comments on anti-virus rants: full disclosure as disarmament

kurt wismer (2010-07-22T12:11:29.702-04:00):
wow, 1 whole word with completely ambiguous context and an example of what exactly? a vulnerability that was exploited minimally before disclosure (because few people knew about it) and maximally afterwards.

way to support my argument that disclosure arms the bad guys.

Anonymous (2010-07-22T11:23:54.059-04:00):
http://threatpost.com/en_us/blogs/microsoft-knew-ie-zero-day-flaw-september-012110

No.

kurt wismer (2010-07-21T12:24:46.203-04:00):
what would have happened if you went looking for examples of it being exploited before it became public knowledge is that you'd find far, far fewer examples (perhaps even no examples).

i'm sure you think you're clever by trotting out the old "correlation does not imply causation" argument, but the malware world has numerous examples of researchers' POC code being copied and used in malware instead of the bad guys developing the same technology independently (copied code is not too difficult to verify). in fact there are even examples of researchers' binaries being used as-is (see for example jamie butler's POC stealthkit that became one of the most widely deployed stealthkits on earth at one point, here: http://anti-virus-rants.blogspot.com/2006/04/ethical-conflict-in-anti-rootkit.html). occam's razor dictates that the same must happen in the vulnerability world. the alternative explanation - that everyone who exploits the vulnerability magically knew about it before the researchers disclosed it publicly, and simply decided to use it in ever increasing frequency only after the disclosure - is patently ridiculous.

ergo full disclosure does in fact aid the attackers.

Anonymous (2010-07-21T11:56:58.500-04:00):
http://en.wikipedia.org/wiki/Correlation_does_not_imply_causation

What would have happened if you started looking for examples of it being exploited before you knew what to look for?