Bugtraq mailing list archives
Re: Security through obscurity, etc.
From: jsz () ramon bgu ac il (jsz)
Date: Tue, 13 Dec 94 19:28:47 IST
On Tue, 13 Dec 1994, jsz wrote:
CERT consists of bureaucrats; 8lgm of posers -- what's a difference, after all?
8lgm does not pretend to be god's gift to the net.
True: but IMHO, posting scripts that would add a "+ +" to /.rhosts -- or add a root entry into passwd file are useless; It'd make me respect Neil & Karl, if they didn't post such scripts, and instead would give detailed information about the vulnerability they found. I do respect the amount of work they did already though.
At least you can't use CERT's advisory to crack root on a site, and wipe out important files; 8lgm's advisories were, and in fact are being used for those purposes as well.
I am sure this has been said by dozens of people but: If you restrict exploits to the script hackers then only the script hackers will know what they are. In turn, organizations like CERT will not know what they are until some time after the release; when the effects can be examined second hand. Pick your poison.
My position is pretty clear: posting breakin code on public lists causes nothing but chaos, and needless panic. I vote no for full disclosure, I vote for free information -- but without breakin scripts that give you a root prompt. I am interested in statistics on how many times 8lgm scripts were used for malicious purposes. Maybe CERT might tell us? B-) Consider it another fruitless noise on bugtraq.