Erik Funkenbusch <erik@xxxxxxxxxxxxxxxxxxxxxx> writes:
> On Mon, 15 Dec 2008 00:01:51 +0100, Mart van de Wege wrote:
>
>> Erik Funkenbusch <erik@xxxxxxxxxxxxxxxxxxxxxx> writes:
>>
>>> On Sun, 14 Dec 2008 19:25:02 +0000, Roy Schestowitz wrote:
>>>
>>>> Isn't there a "zero-day Wednesday"? One day after the patches arrive a new
>>>> 0-day is usually scheduled to surface in the form of attacks that make
>>>> botnets.
>>>
>>> Yes, there is, but as usually you completely misunderstand every bit about
>>> it.
>>>
>>> It's 0-day Wednesday because the attackers reverse engineer the patches to
>>> determine how the flaw works, then they write code to exploit it, releasing
>>> it the next day.
>>
>> How do you know? Are you asserting that *all* zero-day exploits are
>> reverse-engineered from the patches? Surely you are not *that* stupid?
>
> Nice logic there. How did you jump to that conclusion?
>
> I'm talking about "Zero day Wednesday" exploits. Those that are, by
> definition, created after the patch tuesday exploit is released.
Yes, and *how* do you know that these exploits are reverse-engineered
from the patches?
Apparently it is impossible in your world to hold back an already
discovered exploit until after Patch Tuesday. No, they *must* be
reverse-engineered.
Pull the other one, it's got bells on.
Mart
--
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.
|
|
