June 11, 2006
Don't repost old exploits as new exploits!
There's been a rash of "new" security posts that are well-known security issues raised publicly years (sometimes decades) ago, but claimed to be new findings.
Over the last month I've seen over a dozen "new" security findings (e.g., NT Alternate Data Streams, NT screensaver vulnerabilities, PGP bypass, Windows Software Restriction Policy bypass, SSL vulnerabilities, etc.) published as new findings that are just rehashes of old findings that are well known and were published years (sometimes over a decade) ago. Even large moderated public mailing lists are re-publishing old findings as new stuff.
Maybe it's because I've been in this field for 20 years now that I recognize them. But please, if you're going to publish your "new" finding, spend at least a few minutes googling past history before you post it. Moderators, do the same.
Example of responsible disclosure: A friend of mine discovered he could enumerate normally undisclosed private IP addresses disguised by a NAT device by malforming email headers. He wrote to tell me of his discovery and asked if I knew about it. I reviewed the material and said that I didn't know if it had already been discovered, but I felt that it was unlikely that the finding hadn't already been discussed. He googled a bit and found out that it had been discovered and disclosed over 10 years ago.
A little research will prevent a lot of egg on the face.
What concerns me more is how security list moderators and readers are letting these "discoveries" pass without noting that they aren't new discoveries.
Or maybe that begs a bigger issue, which is how can anyone really be sure their discovery is unique and unpublished? That's a good question I can't answer.
Posted by Roger Grimes on June 11, 2006 07:36 AM







