Cache Servers Keeping Exploit Code Alive
1960's architecture writes, "At last some evidence that exploit code is hiding on servers used to cache website content. According to Techworld, Israeli outfit Finjan has come up with evidence that real exploits have hidden on cache servers used by large search engines, effectively extending their life for periods of weeks after the original website had been taken down. The exploits detailed are from 2003-2004, but the principle would still apply to any exploit website around today, and any cache servers used by any one of the three unnamed search engines. It's almost literally malware 'life after death.'"
Exactly. The people behind this "discovery" seem to think that the best way to combat security holes is to go after the exploit demonstration code, rather than, say, actually fixing the problem.
That's what's really frightening: that there are exploits that have been in the wild and in the hands of the black hats for three years, which still have not been patched.
Those "exploit sites" are not the enemy here. If anything, they're a powerful tool that lets the 'good guys' be on equal footing, or near equal footing, with the bad guys, who are probably trading exploits around in IRC channels regardless of whether they're on the WWW or cached or not.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
But is it almost literally, or literally almost? What would make it true life after death? (Literally)
Trying to get something off of the internet is like trying to get pee out of a pool.
Why not just patch the vulnerabilities? If publishers would fix their shortcomings then it wouldn't be an issue.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano