Skip to main content

View Diary: An even bigger potential intelligence leak: Microsoft (73 comments)

Comment Preferences

  •  And what do you do with a database of exploits? (6+ / 0-)

    You can only fix them so fast.  Some of them are only a byte or two, not even enough to to jump to executable code, and researching each one costs a chunk of change.  So you share them with the primary fixers (every antivirus company) and a subset of big stakeholders (governments, huge corporations).  

    MS has the most attacked OS in history, and it seems probable that the database of exploits reflects this.  As time goes by, Apple (and Google, per Android) will have their own large exploit databases in house.

    So there is the "got it from the company" exploit, of course.  But you find exploits with fuzzers, software which develops a heuristic from existing files to find potential buffer and integer math overruns.  If the overrun is big enough it will allow injection of attack instructions.  Fuzzing is partly smarts (where is that vulnerability) and mostly repetition (100s of thousands or millions of runs before products are released).  I strongly suspect that the NSA has the best fuzzing in the world, simply by dint of the number of computers they can throw at any given surface.   And so they are likely to have a great exploit database, on the operating system of your choice.

    ...j'ai découvert que tout le malheur des hommes vient d'une seule chose, qui est de ne savoir pas demeurer en repos dans une chambre.

    by jessical on Fri Jun 14, 2013 at 02:43:20 PM PDT

    •  Its allready happened ... (3+ / 0-)
      Recommended by:
      jessical, JML9999, divineorder
      MS has the most attacked OS in history, and it seems probable that the database of exploits reflects this.  As time goes by, Apple (and Google, per Android) will have their own large exploit databases in house.
      http://cvedetails.com/...

      "Anyone can support me when they think I'm right. What I want is someone that will support me when I am wrong." Sir John A. MacDonald

      by Johnny Nucleo on Sat Jun 15, 2013 at 03:55:53 AM PDT

      [ Parent ]

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site