At Mon, Apr 19, 2004 at 06:12:16AM -0400, Chris Brenton wrote:
>
> Key word here is "essentially". I've been involved with about a half
> dozen compromises that have been true zero days. Granted that's less
> than ground noise compared to what we are seeing today.

There're a lot more 0-days than that. They just tend to remain within a smaller community (typically the ones who discover it) and are used carefully/intelligently for compromises, often for a very long time. Then it gets leaked by someone and released into the wild/script kiddie community or someone else discovers it...

(more for benefit of others than a response to you)

> Also, don't underestimate a person's ability to shoot themselves in the
> foot. Windows 2003 server, out of the box, is technically one of the
> most secure operating systems out there because it ships with no open
> listening ports. Based on the auditing I've done however, it ends up
> being deployed even less secure than 2000 because a lot of admins end up
> doing the "turn everything on to get it working" thing. An uneducated
> end user is not something you can fix with a service pack.

Agreed, and even conscientious users screw up. I did this some months ago when installing MS SQL Server Desktop Engine from a third-party CD (packaged with software). This was well after the whole Slammer affair, memories fade and I didn't stop to realize they used the same codebase.... (oops)

- bri