Zero day IPS sigs leave a trail of crumbs for hackers
It's Black Hat, and it appears the fur is going to fly this year. Those two wild and crazy guys of Mac attack fame, Dave Maynor and Robert Graham of Errata Security, lead things off this year. According to this article in Dark Reading by Kelly Jackson Higgins, the former ISS guys are going to demonstrate how black hats can reverse engineer zero-day signatures like those used by Tipping Point to figure out where these perhaps unknown vulnerabilities exist and how to exploit them. Let's be clear: Maynor and Graham say that this is not a Tipping Point-only problem, but that is what they will be demonstrating. Could be a little payback from back in their ISS days.
This calls into question the whole Zero Day Initiative (ZDI) thing that Tipping Point runs. Is it just taking hacks and leaving other hackers a trail to how to exploit them? Tipping Point actually temporarily removed ZDI updates from its IPSs after receiving word on this. Now Tipping Point customers have to "opt in" to receive these signatures.
According to Graham, the whole ZDI does not give Tipping Point any insight or understanding and just encourages black hat activity. He suggests that IPS vendors stop sending the source with the signature updates to make it harder to reverse engineer. It should be interesting to see how IPS vendors react to this.


