Wednesday, September 16, 2009

Security Advisory Lingo Demystified F'Reals

Inspired by Cisco Security Advisory Lingo Demystified.

Remote code execution: Can be used to pop up porn ads and send spam.

Mitigating factors: Bold-faced lies.

Workarounds: Hold onto your butts, we're not patching this anytime soon.

Not exploitable in the default configuration: Remote code execution.

Limited targeted attacks: You've been owned 6 times in the time it took you to read this.

Responsible disclosure: Researcher allowed the vendor to drag their feet for 18 months in order to ensure credit in the advisory.

Crafted packet: Who knows, Metasploit does all that nerd stuff.

Denial of service condition: Remote code execution.