Keith Medcalf kmedcalf at dessus.com
Sun Sep 28 21:06:18 UTC 2014

On Sunday, 28 September, 2014 14:47, Valdis.Kletnieks at vt.edu said:

>On Sun, 28 Sep 2014 02:39:15 -0400, William Herrin said:

>> The vulnerabilities were there the whole time, but the progression of
>> discovery and dissemination of knowledge about those vulnerabilities
>> makes the systems more vulnerable. The systems are more vulnerable
>> because the rest of the world has learned more about how those systems
>> may be successfully attacked.

>Hopefully, Keith will admit that *THAT* qualifies as a "change" in his
>book as well.  If attackers are coming at you with an updated copy
>of Metasploit, things have changed....

Sorry to disappoint, but those are not changes that make the system more
vulnerable.  They are externalities that may change the likelihood of 
exploitation of an existing vulnerability, but does not create any new 
vulnerability.  Again, if the new exploit were targeting a vulnerability
which was fully mitigated already and thus could not be exploited, there
has not even been a change in likelihood of exploit or risk.

More information about the NANOG mailing list