On 11/06/2011 2:29 AM, Georgi Guninski wrote:
>> if you eliminate 95% of the holes, it may be
>> *effectively* secure, simply because it isn't worth the attacker's time to
>> fight for the other 5%
> wtf?
>
> if someone has working exploit, the probability of breaking is 100% no matter
> what the constant 95% is claimed to be.
>
> about fighting for 5%: malware like nimda and code red appear
> counterexamples -
> i suppose they automatically fought for 100% and got what they could get
> (quite above your 5%).
>

I tend to think about it this way: everybody knows how to exploit the 95% of holes, only 5% know how to exploit the last 5% of holes. Generally speaking, the last 5% is harder to exploit, or they only exist under very specific instances. Or else everyone will know how to exploit them.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/