Zero Days …. those bloody vendors taking so long to patch ……

April 4th, 2007 | Drazen Drazic | Posted in Research

We’ve just gone through another period of “worry” and “gripes” about how long it’s taken to patch another “Zero Day”. (Aside: gees, it doesn’t seem that long ago that some were calling “zero days” myths! Remember that? I could never understand that….but then again, I suppose it depends upon the company you keep).

It’ll be interesting to see how long some of those expressing concern take to actually deploy the patch. You know where I am coming from…

We’ve lost track of the number of times we’ve reported bad things/bad vulnerabilities at a client site… to the extent where we state, this is beyond patching - you’re more than likely owned… only for little or nothing to happen! (Even fewer, as I’ve stated before, are keen to engage us further to actually do an investigation to see what may have happened, who may own the systems, and what they’ve been doing!)

So it amuses me at times to see the uproar, knowing that a good percentage of those whinging are probably happy they have something to do (whinge), and someone to point the finger at! (i.e., justifying their existence?)

Scary really…but hey, us security dudes are always exaggerating as we know…or rather are told. :-)
