Slashdot: News for Nerds

Why All The Hype About 0day?

Zonk posted more than 7 years ago | from the look-backwards dept.


nuthinbutspam writes "Michael Sutton has up an interesting post on the security vulnerabilities that we really need to be concerned about. According to Sutton, it's not the new ones that are scary, it's the old ones that have long since been forgotten. He illustrates his point by walking through an example where he uses Google and Yahoo! to identify 50 web servers that are wide open to attack. The list includes an ivy league school, various colleges and a company traded on the NYSE. Sobering stuff."


85 comments

slashdotted after 0 comments (0, Troll)

petwalrus (645792) | more than 7 years ago | (#16027324)

I think this webserver crashed by the time 3 ppl visited it.

Re:slashdotted after 0 comments (1)

hopstah (751270) | more than 7 years ago | (#16027332)

that's pathetic.

Re:slashdotted after 0 comments (5, Funny)

daeg (828071) | more than 7 years ago | (#16027338)

I wonder if his webserver was one of the 50.

Re:slashdotted after 0 comments (0)

Anonymous Coward | more than 7 years ago | (#16027352)

No, the 51th -- the one he didn't test :-))

cb

Re:slashdotted after 0 comments (1)

SpecTheIntro (951219) | more than 7 years ago | (#16027698)

No, the 51th

Wow. You mean 51st?

Re:slashdotted after 0 comments (2, Funny)

Anonymous Coward | more than 7 years ago | (#16028106)

No I meanth 51th. Why do you athk?

Re:slashdotted after 0 comments (1)

Shabazz Rabbinowitz (103670) | more than 7 years ago | (#16027484)

I was able to load the SPIDynamics page, but a page linked from it (J0hnny Long?) was "flooded."

Is this the Meta-Slashdot Effect that I've heard so much about?

Re:slashdotted after 0 comments (1)

bendodge (998616) | more than 7 years ago | (#16028545)

Yes. It is one of the worst/best things that can happen to your company, depending on the mood of your ISP when the storm hits.

0day Hussein! (1)

heauxmeaux (869966) | more than 7 years ago | (#16027336)

He put people in woodchippers and blew the chunks into a spiderhole.
LOL@USA

All security is important (4, Insightful)

Tyger (126248) | more than 7 years ago | (#16027344)

I think that qualifies as a well duh. If you haven't secured yourself against old vulnerabilities, worrying about zero-day vulnerabilities won't do you much good. On the other hand, if you're on top of security, staying in touch with the latest vulnerabilities has some real value. It's common sense. To use a bad analogy, if someone is suffering from a heart attack, you don't stop treating them because you notice they have a scratch that needs a bandage.

Phrased slightly differently ... (5, Insightful)

khasim (1285) | more than 7 years ago | (#16027376)

If you, as the admin, haven't secured your systems for KNOWN vulnerabilities, then you probably aren't one of the people concerned about 0 day exploits.

On the other hand, those of us who DO secure their systems ARE concerned. And rightfully so.

Re:Phrased slightly differently ... (1)

Tyger (126248) | more than 7 years ago | (#16027394)

I'd go so far as to say that those who actually follow zero day vulnerabilities (When they are still zero day, before the media hype starts) probably have their systems secured. It's the people who read about it in a trade rag or on a website and jump on the bandwagon that are the dangerous ones.

Re:Phrased slightly differently ... (1)

PopeRatzo (965947) | more than 7 years ago | (#16028396)

Let's all pat ourselves on the back for doing our jobs.

And curse the miscreants who are now mere irritants to those of us who do, many of whom are inside the castle walls.

Agreed. I've always assumed that "Pro" crackers (2, Interesting)

CFD339 (795926) | more than 7 years ago | (#16028684)

....would work to keep a tool kit of their own "zero-day" exploits handy for that day when they need or want to gain access to something in particular where the admin is doing the work of applying patches.

Re:Phrased slightly differently ... (1, Interesting)

Anonymous Coward | more than 7 years ago | (#16029768)

I'm surprised that nobody has caught the fact that this could very well be flawed research, after all it's a blog post and not a whitepaper.

If I went around the day that Microsoft released the August patches I'd probably find that most if not all of the computers I was able to check were in fact *not* patched. Now, checking a few days later, or to cover those that wait a week or even a month, I'd probably find a much larger number that are patched. I'd also probably find those pesky Ivy League computer nerds had patched within a month :)

He's actually got a very good idea, but it's not extrapolated enough.

Something that I've seen before is _very_ old ideas, such as TCP attacks (think: LAND) that are being missed by TCP/IP stack implementers _today_. Those things are damn scary.

Re:All security is important (0)

Anonymous Coward | more than 7 years ago | (#16027410)

Indeed that is a bad analogy. It's like comparing something that could kill you with something that can slightly annoy you.

Let me help you out. Paying attention to today's vulnerabilities while forgetting about the old ones? You might rather say that it's more like walking across a highway and only getting out of the way of *really big* trucks.

Re:All security is important (2, Insightful)

regular_gonzalez (926606) | more than 7 years ago | (#16027501)

An even better analogy would be that it's like fixing newly discovered vulnerabilities on your website but neglecting to check for older exploits.

Why the omnipresent need to analogize the most straightforward things? The world may never know.

Re:All security is important (1)

Tyger (126248) | more than 7 years ago | (#16027511)

Well you see, to understand the need to analogize the most straightforward things, it might help to understand that it is a lot like when you are going to the supermarket and you...

Oh.... right...

Re:All security is important (5, Funny)

Iron Condor (964856) | more than 7 years ago | (#16027585)

Why the omnipresent need to analogize the most straightforward things? The world may never know.

Because a good analogy is like a diagonal frog.

Re:All security is important (2, Funny)

FooAtWFU (699187) | more than 7 years ago | (#16028365)

Because a good analogy is like a diagonal frog.

That analogy is almost, but not quite, entirely unlike a diagonal frog.

Re:All security is important (1)

xappax (876447) | more than 7 years ago | (#16030369)

Why the omnipresent need to analogize the most straightforward things? The world may never know.

A lot of people on Slashdot are computer people, and a lot of us, including me, have to (or just want to) explain technical computer concepts to non-technical people. Most of the concepts are, as you said, pretty fucking simple, but the jargon is very intimidating and counter-intuitive to non-techies.

So, I think there's a tendency for geeks to resort to metaphor as a way of making computer-speak more cute-n-fuzzy, and some people do it so much it becomes reflexive, even in a geek forum where it's obviously inappropriate. After all, everyone here already knows the internet is a series of tubes...

Of course, then there's the inverse (and in my opinion far more clever) geek tendency to use computer metaphors to describe non-computer stuff (like, the road was totally DoSed today because of construction)

Re:All security is important (4, Insightful)

LurkerXXX (667952) | more than 7 years ago | (#16027507)

No kidding. Shocker. He found some machines at Universities, etc, that hadn't been patched in a long time.

How is that surprising? Does he think that never does some department set up a small server for itself, then in a couple years, the person admining it leaves, and since the machine is still 'working', people continue to let it run/use-it. After a while, running with no admin, it gets way out of date on patches and is vulnerable to anybody. Happens all the time. And it's got absolutely nothing to do with an active and competent admin worrying about 0-day exploits on the boxes that they ARE taking care of.

Re:All security is important (0)

Anonymous Coward | more than 7 years ago | (#16027589)

I work in a university IT department. Those of us who pay attention to security know we have a huge number of machines that aren't patched. The problem is that we're the minority and because we use a lot of specialized software the "it works so why bother" crowd tends to prevail. I've got a WSUS roll-out in progress right now to hopefully solve this problem once and for all but it's still going to be a tedious way of handling things.

Re:All security is important (1, Insightful)

vmfedor (586158) | more than 7 years ago | (#16029471)

So you just assume all those exploitable machines are "junk" machines that are left running in a closet somewhere? I would never want you to administer *my* network, bub. What if one of those junk machines could be exploited to give access to the more useful machines in the network? Or what if they weren't junk machines at all? If the admins of that network can leave easily exposed machines running what kind of security model do they have anyway? And if those machines are vulnerable to those old exploits then it's a sure thing that they are very very vulnerable to 0-day stuff, too.

How would you like to be a student at one of those universities, or a user of a commerce web site which has your credit card information, knowing that there is a *potential* and *very easy to exploit* vulnerability just waiting to happen? The article's point, methinks, is that if it's this easy to find an easily-compromised machine then there are probably a ridiculous amount of them on the internet and that people need to be more proactive about their security. Just assuming that these machines are internal department production servers is a risky way of administering a network. Why are they so exposed to the web if they don't matter? You would think a competent security admin would be proactive about finding and removing old, out-of-date machines that could potentially be compromised.

Of course, no amount of awesome admins will close all security holes. Physical and software security only can go so far. Hopefully these organizations that he pegged are smart enough to keep their really sensitive information locked up tight and not spread out all over their network.

Re:All security is important (2, Insightful)

LurkerXXX (667952) | more than 7 years ago | (#16029689)

Wow, insulting me because I said it was no surprise. Who pissed in your corn flakes?

I didn't say every machine was a 'junk' machine, but if you have any experience at Universities, you often will see departments 'doing their own thing' when it comes to departmental servers, where the IT department of the University is not involved in their administration at all other than supplying an IP-address/DNS. The IT department's 'security model' is usually for machines directly under their control. Not the computers in every department. That's reality. It happens.

In any competently run University IT dept, the IT folks running the machines with sensitive information would keep those machines firewalled off from the rest of the University. Besides unpatched departmental 'junk' servers, the network is also full of undergrad laptops, etc, with who knows what spyware/malware on them. And some of the undergrads may be hackers themselves. Any competent folks would treat the main University LAN as just as hostile of an environment as the Internet. I would never want you to administer *my* network if you don't understand that. Bub.

In case you aren't familiar with what often happen

O comment vulnerability (n/t) (-1, Offtopic)

Mateo_LeFou (859634) | more than 7 years ago | (#16027366)

that is all

Found an alternate link (1, Informative)

kingjames128 (981661) | more than 7 years ago | (#16027367)

Re:Found an alternate link (1)

kingjames128 (981661) | more than 7 years ago | (#16027419)

Nevermind... sry.

Re:Found an alternate link (0)

Anonymous Coward | more than 7 years ago | (#16027876)

If you really want to know what the underground are up to, ask an expert [google.com] .

Wrong Perspective (4, Insightful)

99BottlesOfBeerInMyF (813746) | more than 7 years ago | (#16027379)

Michael Sutton has up an interesting post on the security vulnerabilities that we really need to be concerned about. According to Sutton, it's not the new ones that are scary, it's the old ones that have long since been forgotten.

The old ones may be the most worrying to people tracking security in general. They are not, however, the most worrying to those of us looking to secure our own networks, since we know how to stop them. It is a matter of control. I can patch and Firewall, and ACL away any old worms and detect them if they get through. I might be helpless, however, if a new, zero day worm hits.

Re:Wrong Perspective (1)

CyberSlugGump (609485) | more than 7 years ago | (#16027537)

Zero-day exploits also, after time, become old ones ;) They also caused hassle for home users a year or so ago when they connected their newly unboxed Windows XP SP1 box to the internet and got hit with Sasser before the Windows Update site even loaded....

Re:Wrong Perspective (1)

RobertLTux (260313) | more than 7 years ago | (#16028077)

just a hint: have an SP2 patch cd and a current copy of autopatcher + your "toys" disc on you when you bring an unknown-state computer online.

Hint don't connect the network cable until you have finished all of your cds

Re:Wrong Perspective (5, Insightful)

Aadain2001 (684036) | more than 7 years ago | (#16027554)

Don't forget, no matter how much you firewall or patch or try to secure your systems and network, you can never truly protect yourself from an uniformed user. All it takes is one user getting their personal laptop infected and putting it back on the corporate network for it to attempt to spread. And all it takes for it to take hold in the network is a couple of development boxes that some group has forgotten about for a few years and forgotten to patch. And while your most important systems remain protected, worms and viruses can still cause havoc by flooding the network, sending out bogus emails, etc. And then you have to take time off your projects and track down those old boxes and deal with their owners. So yes, while old problems are not hard for you to protect against, never forget the other person who doesn't know how to protect themselves and how they can still affect you.

Re:Wrong Perspective (4, Funny)

djmurdoch (306849) | more than 7 years ago | (#16027656)

Don't forget, no matter how much you firewall or patch or try to secure your systems and network, you can never truly protect yourself from an uniformed user.

You're right. These days those uniformed users don't even need warrants.

Re:Wrong Perspective (1)

Aadain2001 (684036) | more than 7 years ago | (#16027678)

LOL, yet another case where a built-in spell-checker (à la Gmail) would be very helpful on /.

Re:Wrong Perspective (4, Funny)

sgbett (739519) | more than 7 years ago | (#16027833)

Why so? Was uniformed spelled wrong? ;)

Re:Wrong Perspective (5, Funny)

EvanED (569694) | more than 7 years ago | (#16027980)

Eye halve a spelling chequer,
It came with my pea sea,
It plainly marques four my revue
Miss steaks eye kin knot sea.

Eye strike a key and type a word
And weight four it two say
Weather eye am wrong oar write
It shows me strait a weigh.

As soon as a mist ache is maid
It nose bee fore two long
And eye can put the error rite
Its rarely ever wrong.

Eye have run this poem threw it
I'm shore your pleased two no
Its letter perfect in it's weigh,
My chequer tolled me sew.

Re:Wrong Perspective (0)

Anonymous Coward | more than 7 years ago | (#16029047)

It came with my pea sea

I think the term pee sea is more appropriate, when referring to Windows based machines.

Re:Wrong Perspective (0)

Anonymous Coward | more than 7 years ago | (#16029718)

Am I the only one that read it in a Scottish accent?

Re:Wrong Perspective (2, Insightful)

ezratrumpet (937206) | more than 7 years ago | (#16027665)

Sometimes all the protection is on the ethernet connection, leaving one or more drives unprotected. A malicious user with a floppy or a thumb drive can make short work of a network through those holes.

simple (3, Funny)

scenestar (828656) | more than 7 years ago | (#16027380)

Release the exploit in a form so easy even the most assbackwards 13-year-old skiddie can use it on his Dell.

Just wait and see how long it takes before it gets patched.

Re:simple (5, Funny)

ultramkancool (827732) | more than 7 years ago | (#16027663)

Why not just attach a spreading mechanism and call it a worm.

mod parent up (0, Redundant)

oscartheduck (866357) | more than 7 years ago | (#16027830)

That's one of the most hilarious replies I've seen; dry, witty and straight to the point of showing off exactly what was wrong with the grandparent's comment.

If I had the points I'd do it myself. But I don't.

*sigh* (3, Funny)

hnile_jablko (862946) | more than 7 years ago | (#16027400)

*looking at watch waiting for compulsory relation to terrorism analogy and the ubiquitous overlord welcoming*
Please troll me up, I am aching for some negative karma.

Re:*sigh* (-1, Redundant)

bcat24 (914105) | more than 7 years ago | (#16027437)

Somebody please mod the parent up. :)

You don't have to (1)

El_Muerte_TDS (592157) | more than 7 years ago | (#16027407)

Either you care or you don't and get abused and will take your responsibility when your machine is being abused to abuse other machines.
Take your pick.

Re:You don't have to (2, Funny)

dhasenan (758719) | more than 7 years ago | (#16028166)

Or you don't care and you deny responsibility when your machine is being abused. That's the most popular way.

0day more risky than a well-known vuln (1)

Superken7 (893292) | more than 7 years ago | (#16027440)

It is well known that people do not patch their servers, even if they are vulnerable to a well-known vulnerability. Simply because they do not take the time to look it up or fix it or whatever..

BUT even the ones who DO patch their servers can do nothing about 0day exploits circulating in the wild.
And that goes for the vulnerabilities only known to the bad guys, as well as those announced publicly for which there is no patch.

That is a risk many people take (well, everyone who is vulnerable, which *may* be every windows box for example),
versus "lazy" guys who do not patch their servers regularly.

Also, viruses are much more destructive when they originate from 0day exploits, which can result in an important number of machines being pwned in no time (which has happened quite a few times now, right?)

I do know there are hundreds of vulnerable systems out there.. the script kiddies know best, but to me it is clear why there is certain "hype" about 0days.

Security is simple (3, Insightful)

ZorbaTHut (126196) | more than 7 years ago | (#16027444)

The most dangerous vulnerabilities are the ones people don't know about. Whether that's because they haven't learned yet or because they've forgotten is immaterial.

That's why Step 2 of making a truly secure network is to assume "everything I have done so far is wrong and my server is slightly less airtight than a block of swiss cheese infested by cheese-eating termites".

Re:Security is simple (4, Funny)

Kesch (943326) | more than 7 years ago | (#16027482)

... assume "everything" I have done so far is wrong and my server is slightly less airtight than a block of swiss cheese infested by cheese-eating termites.


You just HAD to drag the French into this.

Re:Security is simple (0)

Anonymous Coward | more than 7 years ago | (#16028852)

The Dutch eat cheese, the French eat Frogs and snails.

Re:Security is simple (1)

legoburner (702695) | more than 7 years ago | (#16027540)

The parent is totally correct. I guess step 3 would be running every tool that you can think of to test for vulnerabilities (after you have assumed everything you have done is wrong and have patched/locked down everything to the most restrictive policies possible whilst still allowing the system to function). As most people know, nessus [nessus.org] is one of the best programs for vulnerability testing.
That just leaves step 1?

Re:Security is simple (0)

Anonymous Coward | more than 7 years ago | (#16027582)

Step 4 would be to run every tool that you can think of a second time to test for vulnerabilities that may have been created by the other tools.

Step 5 would be to run every tool that you can think of a third time to test for vulnerabilities that may have been created by the other tools.

Step 6 ...

Re:Security is simple (1)

ZorbaTHut (126196) | more than 7 years ago | (#16027763)

Step 1 would be to secure everything as well as you can. :)

(Within reasonable limits based on cost and accessibility, of course.)

Re:Security is simple (1)

jlarocco (851450) | more than 7 years ago | (#16028406)

I guess step 3 would be running every tool that you can think of to test for vulnerabilities

Whoa, slow down there. If I've learned anything from reading Slashdot, it's that step 3 is always "Profit!". Clearly, since your step 3 is NOT "Profit!", you've made some kind of mistake. Might want to look into that.

Ivy League school was Harvard (3, Informative)

TornSheetMetal (411584) | more than 7 years ago | (#16027453)

Following direction on the site, it was a wiki at Harvard with the remote vulnerability:
http://hcs.harvard.edu/~freeculture/wiki/index.php/Special:Version [harvard.edu]

Re:Ivy League school was Harvard (1)

Kesch (943326) | more than 7 years ago | (#16027493)

Odds are an MIT student has already read this and Harvard is about to get 0wn3d in a creative and hilarious way.

Re:Ivy League school was Harvard (1)

L7_ (645377) | more than 7 years ago | (#16027552)

the guy whose wiki is exploitable even posts about slashdot stories on his (interesting!) blog at http://hcs.harvard.edu/freeculture/blog/ [harvard.edu] ... so should know wtf he is doing.

Did I read that right? (0)

Anonymous Coward | more than 7 years ago | (#16027886)

He should know wtf he is doing because he reads slashdot???

Re:Ivy League school was Harvard (1)

Kamiza Ikioi (893310) | more than 7 years ago | (#16028218)

I know what he's thinking right now:

"Wow, I got slash-dotted! I must have done something awesome on the wiki!"

15 seconds later pulling up the story all the referrers show.

"Ah crap!"

Re:Ivy League school was Harvard (2, Interesting)

Fnkmaster (89084) | more than 7 years ago | (#16027990)

Which is on a random guy's personal site on the Harvard Computer Society web server, run by a volunteer student group. Nothing really to see here.

Any school that has an area where any student can put up arbitrary PHP code is going to have tons of sites with vulnerabilities.

It's not on an official school server, and presumably the hosting on such sites is set up with sufficiently tight permissions to prevent any serious damage from being done if people run arbitrary, crappy PHP code.

Nuff said on that vulnerability. It sounds much worse when it's presented as "the website of a major Ivy League university".

Re:Ivy League school was Harvard (1)

jZnat (793348) | more than 7 years ago | (#16028448)

Well, it's an Ubuntu box, and MediaWiki 1.5.0 is running on it along with an old version of PHP 5.0 and an ancient version of MySQL.
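The post above identifies the problem by reading version strings off a Special:Version page. The script below is an added example, not part of this thread or of MediaWiki, showing how a defender would do the same check across an inventory rather than one host at a time: compare each installed component against a minimum acceptable version using numeric version tuples (plain string comparison would wrongly rank "1.10.0" below "1.5.0"). The hosts, the version strings and the baseline minimums are constructed for illustration and carry no claim about real systems or real vulnerable versions.

```python
"""Flag inventoried hosts whose software stack is older than a baseline."""
import re

# Constructed inventory (example data, not real hosts). The version strings are
# in the form a Special:Version page or a package manager would report them.
INVENTORY = [
    {"host": "wiki.dept-a.example", "mediawiki": "1.5.0", "php": "5.0.4-1ubuntu", "mysql": "4.0.24"},
    {"host": "wiki.dept-b.example", "mediawiki": "1.7.1", "php": "5.1.6", "mysql": "5.0.22"},
    {"host": "wiki.dept-c.example", "mediawiki": "1.6.8", "php": "5.2.0", "mysql": "5.0.27"},
]

# Hypothetical minimum acceptable versions. A real audit would take these from
# the vendor's supported-release list or an advisory feed, not from this file.
BASELINE = {"mediawiki": "1.7.1", "php": "5.1.6", "mysql": "5.0.22"}


def parse_version(text):
    """Turn '5.0.4-1ubuntu' into (5, 0, 4); distro suffixes after the
    dotted numeric prefix are ignored for the comparison."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError("unparseable version string: %r" % text)
    return tuple(int(part) for part in match.group(1).split("."))


def is_outdated(installed, minimum):
    """True when installed < minimum, comparing component by component and
    padding the shorter tuple with zeros so '5.0' equals '5.0.0'."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit(inventory, baseline):
    """Return [(host, [(component, installed, minimum), ...]), ...] for every
    host with at least one component below the baseline. Hosts that do not
    report a component are not judged on it."""
    findings = []
    for entry in inventory:
        stale = [
            (component, entry[component], minimum)
            for component, minimum in baseline.items()
            if component in entry and is_outdated(entry[component], minimum)
        ]
        if stale:
            findings.append((entry["host"], stale))
    return findings


if __name__ == "__main__":
    for host, stale in audit(INVENTORY, BASELINE):
        for component, installed, minimum in stale:
            print("%s: %s %s is below baseline %s" % (host, component, installed, minimum))
```

Running it lists dept-a for all three components and dept-c for MediaWiki only; dept-b meets the baseline. The same loop works over whatever inventory source you already have (CMDB export, package-manager dumps), which is the point: the "forgotten" boxes in this thread only stay forgotten when nobody enumerates them.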

Re:Ivy League school was Harvard (1)

wirelessbuzzers (552513) | more than 7 years ago | (#16028614)

Sure 'nuff. HCS gets hacked occasionally, usually because our users toss up insecure stuff and then don't patch it. Free Culture ought to know better though, they have a lot of computer geeks in there, including half the HCS board.

We'll get it patched at some point, probably in a few weeks when school starts. Right now we can't patch it because we're running an ancient MySQL, and we can't patch that because we'll have to migrate all the databases, and we're too lazy to do that (plus, if it fucks up there's nobody on site to kick the machines).

Hooray for laziness and good backups!

The Ivy League school... (0, Redundant)

kingjames128 (981661) | more than 7 years ago | (#16027469)

that is vulnerable is Harvard: hcs.harvard.edu/~freeculture/wiki/index.php/Special:Version (good link this time!)

Sobering stuff? (-1, Offtopic)

TemplesA (984100) | more than 7 years ago | (#16027498)

I'm not quite sure if I just found that out [and it was my company, school, etc.] while I was drunk that I would stop drinking...

Hell, pass that borrle.
Did I say borrle? Haha.

warez (1, Funny)

d0hboy (679122) | more than 7 years ago | (#16027612)

When I read this headline I thought it was talking about 0-day warez.

"Zero day" is a marketing gimmick (4, Insightful)

Anonymous Coward | more than 7 years ago | (#16027615)

The term "zero day" refers to the amount of time between a patch being available and an exploit being in the wild. That's all fine and dandy except it propagates the idea that exploits are never in the wild before a patch is available. It's not the "zero day" exploits that have me worried--it's the "negative three months" exploits.

I have been in a meeting with a Microsoft security "expert" who seriously claimed that exploits are only produced by reverse-engineering Microsoft's patches, and that the primary risk is that the time it takes to reverse-engineer a patch is decreasing. If that was really true, Microsoft could stop all exploits immediately by never releasing any more patches. The primary risk is that there's a flaw in the software, obviously, and the clock starts ticking the moment people start using the buggy software, not the moment Microsoft tells us to patch it.

However, admitting that Microsoft is REACTING to hackers rather than the other way around makes them look kinda dumb. Thus the "zero day" myth.

Re:"Zero day" is a marketing gimmick (1, Insightful)

Anonymous Coward | more than 7 years ago | (#16028164)

I always thought "zero day" referred to the time between a theoretical exploit becoming known to the security community, and when a viable attack is created.

Normally you have some lag in there... People hear there's a weakness in some piece of software, and it takes the black hats a few days to come up with a way to attack that weakness. In the mean time folks are scrambling to harden their systems against the coming attack...security companies and software vendors are (supposedly) working on a patch... Folks generally see the attack coming and can prepare for it.

"Zero day" is when you have the people find out about a weakness because there is already an attack in progress (or so I thought?). The black hats discovered the weakness first, devised an attack, and launched it before anyone knew what was coming. There's no way to prepare for it, no time for folks to develop a patch or harden their systems. You simply have to rely on the security policies you already have in place, and hope they're enough to stop any and all possible attacks.

Re:"Zero day" is a marketing gimmick (0)

Anonymous Coward | more than 7 years ago | (#16029939)

At least during the Microsoft guy's presentation, a 1-day exploit happened 1 day after the patch was released. A 2-day exploit was two days. A zero-day exploit was released the same day.

Nowhere in the presentation did it indicate when the bug was found by the security community, lest we be able to measure the time between that and when Microsoft released a patch. That might also cast them in a bad light.

As far as this guy was concerned, there was no reason to ever worry about exploits until a patch was available.

Re:"Zero day" is a marketing gimmick (1)

fritzk3 (883083) | more than 7 years ago | (#16028397)

...and here I was, thinking that this headline was referring to something else "0-day"... good old 0-day WAREZ!

0 day (0)

Anonymous Coward | more than 7 years ago | (#16027635)

I thought this was about 0 day warez.

Our little secret (2, Insightful)

Plutonite (999141) | more than 7 years ago | (#16027636)

If you are in charge of an important network, you are always afraid.

There are many things that can keep you comfy, like daily updates and 24/7 monitoring of advisories, but the professionals do not always submit their findings. Security gurus submit holes as part of their work or to get their name known or to make a point..but many will stay in the dark. The really serious ones will always have their own unreported set of vulns in various platforms, 99% of the time these are buffer overflows at the kernel level (e.g. your TCP/IP stack), leading to immediate root access to boxes/routers/firewalls.

Money is the root of all evil.

Re:Our little secret (0)

Anonymous Coward | more than 7 years ago | (#16027934)

>>Money is the root of all evil.

Oh, please. "If money is the root of all evil, what is the root of money?" Read Ayn Rand's Atlas Shrugged.

Damn! (2, Funny)

uberphear (984901) | more than 7 years ago | (#16027780)

So the article isn't about warez? Damn.. I was looking for teh l337 DDL linkz!1. Guess I should stop going by the titles...

Be careful of the 5 1/2 disks..... (0)

Anonymous Coward | more than 7 years ago | (#16027878)

I have to agree, I've been having numerous problems with boot viruses recently.

Patch Rapidly (1)

cybrzndane (632057) | more than 7 years ago | (#16027908)

I install security updates as I see the initial advisories posted. If you don't install them right away, they won't get installed and you will end up with situations where old vulnerabilities don't get patched. An old vulnerability got me once and I will do my best not to let that happen again.

It's a fundamental problem of the "security biz" (2, Interesting)

Anonymous Coward | more than 7 years ago | (#16028074)

A big portion of "0days" is the marketing hype and power. You can trade them, you give yourself street cred if you have some. It's a geek thing. Back in the day, there were virus exchange BBSes (yeah, you had to use a phone and dial up) and they'd let you download viruses until your heart was content but you had to upload one first. Some wanted a new one that couldn't be detected before they'd give you respect.


Think about it, how do you get famous in security? You break something. Further, a lot of pen-testing is done with loaded contracts, if you actually break in, you might get paid a lot more so you create this culture whereby nobody who does that is really that interested in actually increasing security and it's in their best interest to actually have a collection of exploits that they don't disclose. There is a whole mystique around it, do you want Kevin Mitnick to test your social engineering defenses or do you want some faceless large company to do it?


You can spend a couple grand to go to blackhat and "learn hacking" and you can spend tens of thousands of dollars buying exploits from companies like immunitysec, it's potentially a great business if you don't mind being a security "expert" that doesn't actually encourage security and you don't mind hanging around and dealing with criminals and some of the dirtier folks out there. Just trade and accumulate "0days" and then sell them. Then they all have this nice little excuse built in, they are practicing responsible disclosure and so they can't tell you; then they backhand the vendors and claim that they reported certain issues "months ago" and the vendors never fixed it. I'm not sure what the percentage is, but a lot of it is bullshit. Just look at those Apple Wireless frauds [macworld.com] from a couple weeks ago, they didn't report shit to anybody, they lied about it, they lied about being threatened with law suits and claimed that's why they couldn't disclose anything, the entire thing could be a fraud. They lied to their audience at blackhat, they very clearly made it sound like they were threatened by apple and other vendors and the truth is they never spoke to anyone about it; that's par for the course. I'd bet that somewhere near 80% or even more of it is that way, that's the reason behind full-disclosure.


It's all about layered protection and policy. That's sort of where the whole thing falls apart: organizations don't have policy, and you can't build protection on top of nothing. No policy, what do you expect? Sure, large schools and organizations are going to have tons of unpatched systems; who'd want to screw up a working server if they don't have to and security isn't their concern? Honestly, unless you're a high profile target, 0days aren't your problem. Your problem is insiders doing stupid or malicious things, botnets, and unpatched systems that are exposed to the world and that you potentially don't even know about.

Back to the Future (1)

Doc Ruby (173196) | more than 7 years ago | (#16028111)

"Looking backwards"? This story is a journal from nuthinbutspam (999551). Not only are Slashdot editors apparently publishing journals, but we're almost up to a million registered Slashdotters (and an infinitude of infinitesimal ACs). And the warning signal for the E6 milestone is "nuthin but spam".

The future's so bright, I gotta wear shades of Max Headroom [google.com].

@wl yor filles r myne (0)

Anonymous Coward | more than 7 years ago | (#16028267)

I am n3td3v!!! i warn u aboot zero-day xploit found on slushdut. all your data is cmpromized. we r n3td3v...

Slashdotted (1)

bendodge (998616) | more than 7 years ago | (#16028524)

JohnnyIHackStuff is almost nonresponsive.

Re:Slashdotted (1)

onedotzero (926558) | more than 7 years ago | (#16029253)

It often is.

Now let's see a well written journal entry. (2, Insightful)

kinglink (195330) | more than 7 years ago | (#16028771)

Hey Zonk, if you have a quota and need to fill it just by posting random journal entries, try posting one that doesn't use a bastardized form of a word like "0day". That was made for warez, not exploits.

Btw, the NYSE company isn't even named; it could be any entertainment company from Universal Studios to a small IPO that is making a casual game for people that costs 2 dollars, as well as a single computer on a LAN. With no mention of whether these are "honey pots", which will get people's attention but will actually have no access to the real network since it's segregated.

I think Slashdot needs to stop posting "news that's not news" and start posting "news that matters" again.

lp (0)

Anonymous Coward | more than 7 years ago | (#16029058)

lp lol

0day (1)

Cr0t (963724) | more than 7 years ago | (#16029347)

... for some reason I was thinking about something else.

Setuid root and servers running under root (1)

Eravnrekaree (467752) | more than 7 years ago | (#16030751)

It surprises me that we are still having these kinds of security problems.

A lot of it is due to poor configuration conventions that continue to this day. This involves running servers as root, and system setuid root programs, such as X. I am quite perplexed that simple steps have not been taken to remedy these problems, such as by running X under its own user and only giving that user access to the video hardware that X needs to run.

Setuid root is a problem since, if there is a vulnerability in a server that is not running as root, for instance, it could look for setuid binaries on the system that have their own vulnerabilities to compromise the system.
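An added example, not from the thread or any of its posters, of the audit the comment above implies an administrator should be doing: a Python scanner that lists every setuid/setgid binary under a directory tree and flags the setuid-root and world-writable ones for review (so the bit can be stripped with chmod u-s where it is not needed). The scratch directory built by make_sample_tree is constructed input for a dry run; point scan_privileged at /usr or / for a real audit.

```python
import os
import stat
import tempfile
from collections import namedtuple

PrivilegedBinary = namedtuple(
    "PrivilegedBinary", "path uid gid mode setuid setgid world_writable")


def scan_privileged(root: str) -> list:
    """Regular files under root carrying the setuid or setgid bit, sorted by path."""
    found = []
    for dirpath, _dirs, files in os.walk(root):  # never descends into symlinked dirs
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: a symlink is seen as itself, not its target
            except OSError:
                continue  # unreadable or vanished: skip it, do not abort the audit
            suid = bool(st.st_mode & stat.S_ISUID)
            sgid = bool(st.st_mode & stat.S_ISGID)
            if stat.S_ISREG(st.st_mode) and (suid or sgid):
                found.append(PrivilegedBinary(
                    path, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode),
                    suid, sgid, bool(st.st_mode & stat.S_IWOTH)))
    return sorted(found, key=lambda b: b.path)


def report(binaries: list) -> list:
    """One line per finding; the combinations most worth reviewing are flagged."""
    lines = []
    for b in binaries:
        flags = []
        if b.setuid:  # uid 0 owner means the binary runs as root for any caller
            flags.append("SETUID-ROOT" if b.uid == 0 else f"setuid(uid={b.uid})")
        if b.setgid:
            flags.append(f"setgid(gid={b.gid})")
        if b.world_writable:
            flags.append("WORLD-WRITABLE")  # any local user could replace the code
        lines.append(f"{b.mode:o} {b.path} [{', '.join(flags)}]")
    return lines


def make_sample_tree() -> str:
    """Constructed dry-run input: setuid file, setuid+world-writable file, plain file, symlink."""
    base = tempfile.mkdtemp(prefix="suid-audit-")
    for name, mode in (("suid_bin", 0o4755), ("suid_ww", 0o4777), ("plain", 0o755)):
        path = os.path.join(base, name)
        open(path, "w").close()
        os.chmod(path, mode)  # an unprivileged user may set the setuid bit on own files
    os.symlink(os.path.join(base, "suid_bin"), os.path.join(base, "link_to_suid"))
    return base
```

The symlink in the sample tree is deliberately not reported: counting links (or following them) would let a symlink planted anywhere make an unrelated binary look like a finding under the scanned path.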