High-class talks around the clock in the Forum, non-commercial projects presenting their work, new developments at the largest IT fair in the world, CeBIT Open Source 2010 in Hanover, Germany.
When it comes to security, public disclosure of vulnerabilities and working exploit code is now common. We look at why this can be both harmful and helpful to securing your systems.
Last month, I wrote about the DNS security issues, and I included examples of how to exploit it before the magazine went to print. Since then, a friend and I were discussing how exploitable the DNS issue actually was – I said it was relatively easy to exploit, and he thought that it would be difficult at best.
We both stuck to our guns until he said, “If you think it’s so easy, go write exploit code for it.” My reply was, “Why bother? Someone will write exploit code or a Metasploit module for it within a few days or weeks and release it publicly,” which they did.
Comments