How would Snort detect the Heartbleed exploit? It looks exactly like a regular request, and from what I understand the IP address it comes from isn’t even stored in logs at the point you’re exploiting. Not all zero days are equal. It could look like legitimate activity.
How about this? Set up a website using only software and hardware that’s at least 5 years old, make sure you don’t apply any updates, and offer a bounty to anyone that hacks it. I predict anything over $500 will get you results. Do you disagree?
You seem to think about computer security in a very binary manner: pwned or not pwned. In reality it’s, ahem, a bit more complicated.
Hm. I don’t think that’s accurate (as either how I think about it or how it works). There are a few lines you could draw where anything beyond one line is definitely bad and anything not beyond a different line is not too bad, but not a single line that does that.
What would convince you that my claim about 5 year old software not being secure (or rephrase that however you want that satisfies what you consider enough of a hack) is correct?
I proposed an experimental test, do you have a better/cheaper one in mind? I realize mine is kind of difficult (and probably the hardware can be faked to make it easier, or just use new hardware), so what would you suggest?
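
For the Heartbleed question raised above, one check a network sensor can apply to heartbeat records sent before encryption starts, as an added Python example that is not from this thread or from Snort: compare the declared payload_length with the bytes the record actually carries (RFC 6520 layout). The function names and sample records are constructed for illustration.

```python
import struct

HEARTBEAT, CHANGE_CIPHER_SPEC = 24, 20   # TLS record content types
HB_REQUEST = 1                           # RFC 6520 heartbeat_request
MIN_PADDING = 16                         # RFC 6520 minimum padding length


def iter_records(stream):
    """Yield (content_type, fragment) for each complete TLS record."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        fragment = stream[pos + 5:pos + 5 + length]
        if len(fragment) < length:
            return                       # truncated capture
        yield ctype, fragment
        pos += 5 + length


def suspicious_heartbeats(stream):
    """Flag cleartext heartbeat requests that declare more payload than they carry."""
    findings = []
    for ctype, fragment in iter_records(stream):
        if ctype == CHANGE_CIPHER_SPEC:
            break                        # later records are encrypted; fields unreadable
        if ctype != HEARTBEAT or len(fragment) < 3:
            continue
        hb_type, declared = struct.unpack_from("!BH", fragment)
        room = len(fragment) - 3 - MIN_PADDING   # bytes left for payload
        if hb_type == HB_REQUEST and declared > room:
            findings.append({"declared": declared, "record_len": len(fragment)})
    return findings


def record(ctype, fragment, version=0x0302):
    """Build a TLS record for the constructed samples below."""
    return struct.pack("!BHH", ctype, version, len(fragment)) + fragment


# Constructed samples (not captured traffic).
WELL_FORMED = record(HEARTBEAT, struct.pack("!BH", 1, 4) + b"ping" + bytes(16))
OVERSTATED = record(HEARTBEAT, struct.pack("!BH", 1, 0x4000))
AFTER_CCS = record(CHANGE_CIPHER_SPEC, b"\x01") + OVERSTATED

if __name__ == "__main__":
    for name in ("WELL_FORMED", "OVERSTATED", "AFTER_CCS"):
        print(name, suspicious_heartbeats(globals()[name]))
```

Once a ChangeCipherSpec has been seen the heartbeat fields are encrypted, so a sensor without the session keys can only compare record sizes in each direction.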