At Mon, Apr 19, 2004 at 06:12:16AM -0400, Chris Brenton wrote:
> Key word here is "essentially". I've been involved with about a half dozen compromises that have been true zero days. Granted that's less than ground noise compared to what we are seeing today.

There're a lot more 0-days than that. They just tend to remain within a smaller community (typically the ones who discover it) and are used carefully/intelligently for compromises, often for a very long time. Then it gets leaked by someone and released into the wild/script kiddie community or someone else discovers it... (more for benefit of others than a response to you)

> Also, don't underestimate a person's ability to shoot themselves in the foot. Windows 2003 server, out of the box, is technically one of the most secure operating systems out there because it ships with no open listening ports. Based on the auditing I've done however, it ends up being deployed even less secure than 2000 because a lot of admins end up doing the "turn everything on to get it working" thing. An uneducated end user is not something you can fix with a service pack.

Agreed, and even conscientious users screw up. I did this some months ago when installing MS SQL Server Desktop Engine from a third-party CD (packaged with software). This was well after the whole Slammer affair; memories fade and I didn't stop to realize they used the same codebase.... (oops)

- bri