With any luck, not too much. The point is that there is a way to do it, and if there is a way, someone will use it in a bad manner eventually. We can only hope that the users will count more on vulnerability/behavior based security solutions, and not exploit based security solutions. -- Aviv. -----Original Message----- From: Pukhraj Singh [mailto:pukhraj.singh@xxxxxxxxx] Sent: Thursday, September 28, 2006 7:37 AM To: avivra Cc: karmic_nirvana@xxxxxxxxx; EArsal@xxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx Subject: Re: [Full-disclosure] VML Exploit vs. AV/IPS/IDS signatures And you tell me how many of these variants you will actually find in the wild. Won't be a significant number I bet. Cheers! Pukhraj On 9/27/06, avivra <avivra@xxxxxxxxx> wrote: > Hi, > > > i.e. I can't afford to buy "specialized" security tools/devices for > > "speclialized" attacks unless my company relies heavily on web/content > > services. > > So, you will buy "specialized" security tools like firewall or > Anti-Virus, but not web content filtering tool? > > > In our company, we established a information-sharing > > network with other security companies. So the real-time exploit-facing > > signatures were then subjected to live traffic, honeypots and countless > > variants; They seemed to work out pretty well. > > I would like to see how your real-time signatures get updated with the > randomization implemented in the new VML metasploit module. Your > "countless" exploit variants will become really innumerable. > > The problem is that the signatures are written for the exploit, and > not for the vulnerability. > > -- Aviv. >
