[1]BADLOCK - Are 'Branded' Exploits Going Too Far?:
So there's been hype about this big exploit coming, for over a
month, before anything was released. It had a name, [2]a website and
a logo - and it was called Badlock.
And now it's out, and it's more like Sadlock - really a local
network DoS against DCE/RPC services on Windows and Linux with some
slight chance of pulling off a MiTM. No remote code execution, not
even privilege escalation.
...
Microsoft hasn't even labelled it as critical, merely important.
Crucial? As it was marketed, hardly.
...
There is a whole list of CVEs related, none of them are really
critical.
Another questionable point is that the person who 'discovered' these
bugs, is a member of Samba Core Team... and works on Samba.
So it's like hey, here's a bunch of vulnerabilities I found in my
own software, let's make a logo for them and give them a name (which
doesn't even really relate to the vulns).
So yah there's nothing really wrong with branding a vulnerability,
to get awareness about something critical - get press coverage and
get people fixing it. But this? This is a minor bug, with no real
major production impact, only exploitable over a LAN which at worst
allows for a MiTM.
...
I saw a great quote on Twitter... it went something like:
"All these names for exploits are getting confusing and can be hard
to remember/categorise - soon we'll need to invent some kinda system
that assigns numbers to vulnerabilities..."
LOL indeed.
Are these bugs important enough to patch? Oh yes, absolutely. Did
they need a month of marketing, a logo and a name to raise
awareness? Absolutely not. They could have slid into regular,
automated patch updates along with all other 'important' patches.
It could have been an interesting story about a whole series of bugs
in SAMBA, but it became a huge discussion about the Badlock
clownshow. Sad.
(Via [3]Darknet - The Darkside)
I can't agree with this article more. It's a great read. I didn't mean
to quote quite so much, but I get a hoot out of the story.
We spoke about this on [4]PVC Security podcast when the story first
broke. It looks like most if not all of our predictions came true.
__________________________________________________________________
My original entry is here: [5]BADLOCK - Are 'Branded' Exploits Going
Too Far? A: Yes!. It posted Fri, 15 Apr 2016 20:31:57 +0000.
Filed under: badlock, fud, full disclosure, InfoSec,
References
1. http://feedproxy.google.com/~r/darknethackers/~3/LlwhHMgBg7M/
2. http://badlock.org/
3. http://feeds.feedburner.com/darknethackers
4. https://www.pvcsec.com/
5. https://www.prjorgensen.com/2016/04/15/badlock-are-branded-exploits-going-too-far-a-yes/