I was just going to del.icio.us this, write a snippet on it, and let it post on the daily links update, but I don’t think I could quite squeeze what I have to say about this into the size limitation there. Read this, then come back here:
- Attempt at Exploiting Latest GDI Vulnerability Found in the Wild - brought to my attention by Jason via Twitter
Regarding this:
Although the exploits that we have seen so far do not yet appear to be functional, they appear to have the right general idea in their exploitation.
Why would you test a non-public exploit that’s not “functional” in the wild? Reasons given:
It is possible that these exploits either have been leaked and are “in-work”, or that they are functional on some platform that we have not tested.
Again, even if I’m not that bright and I’ve managed to get ahold of leaked private stuff, I can’t imagine being dumb enough to start using it before I’ve verified that it works at least on some percentage of the targets. The latter reason seems to me like the only one that makes sense. There’s a very good chance this works on something.
Kudos to Symantec for the information. I’m not questioning their take on the situation or anything, I just think that people should think about it for a moment and evaluate what the most likely situation is here.
