alwinux wrote: Hi EH-Net peepz,
Is there a way we can be up to date with zer0-day attacks by getting email notifications? Is there a site that has an email subscription?
To be blunt. No, there isn't a way. This is why... 0day is what it is. NO KNOWLEDGE. It's only after something is publicly disclosed that it's called 0day. Personally I hate the term 0day and prefer "unknown attack(s)." 0day is the typical name given to something in the wild which someone saw/got a glimpse of.
My personal view on what is considered "0day" is to have a good Extrusion Detection System in place. See, the issue with NI[DP]'s, HI[DP]'s is/are, most signature based ones fail and only catch low level attackers. Remember, they're looking for low-hanging fruit most of the time and set off so many alarms, they deserve to be caught and beaten with a cluestick. The "skillful" attackers and those who seriously want to get in WILL get in and often will get in without tripping an alarm.
Does this mean you won't/can't see them? Not really. With an EDS (Extr. Detect. Sys) you can build a strong baseline to see what's LEAVING your network as opposed to the Internet meteorites coming into your network. Wanna play a game? Throw a machine online with full logging on a firewall. Log ANYTHING and EVERYTHING connecting to that box. I guarantee you that you will see hundreds if not THOUSANDS of constant attacks. Is it someone out to get you? Not likely, a lot of it will be residual. Do you want to waste your time and money looking into this? You CAN'T stop that from "knocking" on your door. On the flip side you CAN control what leaves your network.
Imagine the following for a minute. You have, say, an AD server doing something locally. All of a sudden you get an alert that the machine is sending OUT to, say, another country... You know you have a problem. For years that machine has done nothing but work locally but now it's trying to send something OUTSIDE of your network. Your money/time is more focused now. You CAN stop this and the likelihood of something really being wrong is going to be more accurate.
Anyway, to monitor "quote" 0day is mainly pointless. For one, you're not supposed to know about true "0day." Secondly, in order to find "0day" you want to subscribe to bona fide blackhat sites. Keep an invisible profile, study code and make your own signatures. Otherwise, you're falling into marketing by companies with the "next best thing against 0day." Take this from someone who has plenty of "0day" which will never be published nor shared. Think you can stop it? Think again, you will never be able to see a comparison signature. It's never been disclosed.
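The extrusion-detection idea in the reply above (baseline what each internal host normally sends OUT, ignore the inbound "knocking", and alert only when a host breaks its own outbound pattern) as an added Python example. This is illustration code written for this thread, not anything from the poster or from EH-Net; the firewall log format, the hosts and the 10.0.0.0/8 "internal" range are all constructed assumptions.

```python
"""Minimal extrusion detector: per-host outbound baseline, then alert on deviations."""
import ipaddress
from collections import defaultdict

# Constructed log lines (not from the post). Format: <ts> <action> src=<ip> dst=<ip> dport=<port>
# Baseline window: 10.0.0.5 plays the "AD server that only works locally";
# 10.0.0.23 is a workstation that already talks to one external site.
BASELINE_LOG = """\
2024-05-01T09:00:01 ACCEPT src=10.0.0.5 dst=10.0.0.10 dport=445
2024-05-01T09:00:07 ACCEPT src=10.0.0.5 dst=10.0.0.11 dport=389
2024-05-01T09:01:13 ACCEPT src=10.0.0.5 dst=10.0.0.10 dport=88
2024-05-01T09:02:40 ACCEPT src=10.0.0.23 dst=93.184.216.34 dport=443
2024-05-01T09:03:02 ACCEPT src=10.0.0.23 dst=10.0.0.11 dport=389
"""

# Detection window: includes inbound noise (the DROP line) that an EDS deliberately ignores.
NEW_LOG = """\
2024-05-02T03:14:09 ACCEPT src=10.0.0.5 dst=10.0.0.10 dport=445
2024-05-02T03:14:30 DROP src=45.33.32.156 dst=10.0.0.5 dport=22
2024-05-02T03:15:22 ACCEPT src=10.0.0.5 dst=203.0.113.77 dport=443
2024-05-02T03:16:00 ACCEPT src=10.0.0.23 dst=93.184.216.34 dport=443
2024-05-02T03:16:31 ACCEPT src=10.0.0.23 dst=198.51.100.9 dport=6667
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range


def parse_line(line):
    """Split one constructed firewall record into a dict of typed fields."""
    ts, action, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return {"ts": ts, "action": action, "src": fields["src"],
            "dst": fields["dst"], "dport": int(fields["dport"])}


def destination_class(dst):
    """Coarse bucket for a destination: 'internal', or the external /24 it lives in."""
    if ipaddress.ip_address(dst) in INTERNAL:
        return "internal"
    return str(ipaddress.ip_network(f"{dst}/24", strict=False))


def build_baseline(log_text):
    """Per internal source host: the set of (destination bucket, port) pairs seen outbound."""
    baseline = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if ipaddress.ip_address(rec["src"]) not in INTERNAL:
            continue  # inbound traffic is not part of an outbound baseline
        baseline[rec["src"]].add((destination_class(rec["dst"]), rec["dport"]))
    return baseline


def detect_extrusions(baseline, log_text):
    """Flag outbound connections that a host has never made before.

    HIGH   = the host had no external traffic at all in its baseline (the AD-server case).
    MEDIUM = the host already talked externally, but never to this bucket/port.
    """
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        src_ip, dst_ip = ipaddress.ip_address(rec["src"]), ipaddress.ip_address(rec["dst"])
        if src_ip not in INTERNAL or dst_ip in INTERNAL:
            continue  # skip inbound "knocking" and internal-to-internal traffic
        key = (destination_class(rec["dst"]), rec["dport"])
        known = baseline.get(rec["src"], set())
        if key in known:
            continue
        never_external = all(cls == "internal" for cls, _ in known)
        alerts.append({"ts": rec["ts"], "src": rec["src"], "dst": rec["dst"],
                       "dport": rec["dport"],
                       "severity": "HIGH" if never_external else "MEDIUM"})
    return alerts


if __name__ == "__main__":
    for alert in detect_extrusions(build_baseline(BASELINE_LOG), NEW_LOG):
        print(alert)
```

The inbound DROP against 10.0.0.5 produces nothing, which is the point: that traffic is the "knocking" the post says you cannot stop. The one HIGH alert is the server that had only ever talked internally suddenly sending to 203.0.113.77, and the MEDIUM alert is the workstation reaching a new external host on an unusual port. In a real deployment the baseline window would be days or weeks, not five lines, and the bucket granularity (/24 here) is the knob that trades false positives for coverage.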