On Thu, 10 Jun 2004 08:50:18 PDT, Eric Rescorla said:
Valdis.Kletnieks@vt.edu writes:
Remember that the black hats almost certainly had 0-days for the holes, and before the patch comes out, the 0-day is 100% effective.
What makes you think that black hats already know about your average hole?
Because unlike a role playing game, in the real world the lawful-good white hats don't have any deity-granted magic ability to spot holes that remain hidden from the chaotic-neutral/evil dark hats. Explain to me why, given that MS03-039, MS03-041, MS03-043, MS03-044, and MS03-045 all affected systems going all the way back to NT/4, and that exploits surfaced quite quickly for all of them, there is *any* reason to think that only white hats who have been sprinkled with magic pixie dust were able to find any of those holes in all the intervening years?