



Network Security Focus-Microsoft

Re: New article on SecurityFocus

Subject: Re: New article on SecurityFocus
Date: Fri, 06 Jan 2006 10:21:36 -0500

Overall, I think the community's coverage of wmf has been delivered 
with an ounce of perception, and a pound of obscurity.  It's almost 
as if people *want* it to be worse than it is.  I'm not surprised, 
of course.  But regardless,  my call is that we'll see a little 
activity here and there, the patch will come out, most will install 
it (or have it installed automatically) and the whole issue will 
fade away.  But that's all.

We'll know for sure shortly, either way.


Thor,
I think your path of thought is stuck a bit in the past.  Worms are neat as a 
technical exercise, but we see more and more that the attackers are 
increasingly aware of the value of these vulnerabilities from a financial 
perspective, not merely for notoriety.  As such, it benefits the attacker to 
have a less subtle attack, one that does not sensationalize the vulnerability.  
Complacency is their ally.  

That said, there are already numerous (hundreds+) "legitimate" web sites that 
have been compromised and had exploit images injected into their content.  
There are also already hundreds of thousands of machines that have been 
infected with Trojans or bots.  These infected machines will patch, but they 
won't be safe, and the problem gets worse.  

So no, there won't be some catastrophic worm event.  But I posit that what 
there will be could be much worse.  
