I tried to post this in the comments on Emergent Chaos, but got the message "Your comment was denied for questionable content.":
What? I left out the part about the CASE OF BEER?! It must have been a truncated post or something…
The weird thing about "in-the-wild exploits against undercover vulnerabilities" is that the ones I am talking about need no customer references whatsoever. So just your mentioning it makes me wonder if we are talking apples and oranges.
C’mon, just point me to ONE major vendor patch bulletin that originated when you saw the vulnerability exploited in the wild before any good guys knew about it. Presumably, this exploit would have been the catalyst for discovery and disclosure by the good guys. I’ll definitely buy you a beer or 50 if you can do that.
Seriously, here’s the paradox in all this: you support the insignificant vuln discovery/disclosure/patch stuff, and then when it REALLY MATTERS because there is an exploit in the wild attacking people, you clam up and are willing to let the Internet swing in the wind.
http://www.sockpuppet.org/tqbf/log/2005/08/in-which-lindstrom-gets-served-and-i.html
THBBTPTBPTBPTBPTBTBTPBTTB.