I think the classification system as a whole is ultimately based on agenda.
Vendors (I presume) don't want things to sound as bad as they may be.
Researchers want things to sound as bad as they CAN be. And the rest of the
people would like a means by which to measure "urgency" to patch as it
--On October 11, 2009 7:18:33 PM -0500 James Matthews
wrote:
> If you classify a remote bug (anything that can be exploited remotely)
> then you are classifying all bugs (you can use a privilege escalation
> exploit remotely). I agree with Thor, anything that exploits a remote
> service (HTTP, FTP
missed it. I want to be a money mule daddy
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
What are your thoughts on an exploit for a client that connects to a
(malicious) service through the network? I certainly wouldn't call it
a local attack...
On Sun, Oct 11, 2009 at 8:18 PM, James Matthews wrote:
> If you classify a remote bug (anything that can be exploited remotely) then
> you a
If you classify a remote bug (anything that can be exploited remotely) then
you are classifying all bugs (you can use a privilege escalation exploit
remotely). I agree with Thor, anything that exploits a remote service
(HTTP, FTP, etc.) without any user interaction.
On Sun, Oct 11, 2009 at 12:54 AM,
Yes, they do all look at the same common holes and flag them, but as for
detection everyone has a different method.
On Fri, Oct 9, 2009 at 1:16 PM, Rohit Patnaik wrote:
> Why would Cisco, Juniper, etc. maintain the signature sets?
> Presumably, each company maintains its own set of allow/deny rule