Jeremiah Grossman posted a link to a Security Focus article written by Dave Aitel, respected security guru and founder/CTO of Immunity. In the article, Dave responds to the recent paper on automatic patch-based exploit generation. The gist of his article is that their paper, while highlighting some known issues in the patch process, is full of crap, and the authors seriously misunderstand the difference between an exploit and proof of concept. He goes on to argue that there is a significant disparity between academia and (real world) security/vulnerability research. Quite an interesting read -- Dave brings up some very good points.
Blog Archive
-
►
2008
(138)
-
►
August
(12)
- BGP sucks and why it matters
- New grippers!
- Legislating the future
- reDuh released
- hichina.com = FAIL
- Accessing your bank account via password resets
- Interesting stuff to try
- Sometimes you just need to laugh...
- DC16!
- Black Hat/DefCon!
- US Customs laptop and electronics search & seizure...
- Some encouraging news!
-
►
August
(12)
Labels
- awesome (4)
- captcha (4)
- CSRF (1)
- defense (13)
- DNS (2)
- encryption (16)
- exploits (48)
- fun (30)
- gentoo (8)
- government (20)
- ideology (39)
- lameness (9)
- legal (19)
- linux (11)
- lockpicking (1)
- malware (16)
- phishing (5)
- privacy (8)
- programming (19)
- real world (60)
- senseless (2)
- social engineering (10)
- spam (9)
- sql injection (1)
- the man (24)
- tools (17)
- training/education (18)
- webappsec (2)
- weird (15)
- Windows (1)
- wireless (7)
- XSS (4)
About Me
Things to Read
StatCounter
0 comments:
Post a Comment