Dailydave mailing list archives
Re: Advisory Day!
From: Rodney Thayer <rodney () canola-jones com>
Date: Wed, 03 Mar 2004 11:35:42 -0800
At 02:12 PM 3/3/2004 -0500, Dave Aitel wrote:
Yes, it's time for another "advisory". As I don't believe advisories really accomplish anything
Well, for one thing, if you point out you do in fact know how to issue advisories it might help get companies listen when you file bug reports. Might, of course.
RealSecure, NAI, etc - do bugs in security software products make everyone else laugh?
Well, one certainly wonders what they do with all that bloody scanning kit if they don't run it against their own gear. I assume all of EEye's products are being scanned at the submolecular level by vast teams in suburban Atlanta, as we speak ;-) Philosophical question: suppose a box ships with no shell access by default, but with a linux kernel and a shell installed, and with a mechanism available to get to the shell. Are local shell-based exploits then a realistic attack path? I think that, if the vendor shipped BASH on the box, then someone, someday, is going to run BASH. I think that's the line. If you don't want people running a shell, ever, then don't ship a shell. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Advisory Day! Dave Aitel (Mar 03)
- Re: Advisory Day! Rodney Thayer (Mar 03)
- Re: Advisory Day! Tiago Assumpção (Mar 04)
- Re: Advisory Day! Rodney Thayer (Mar 04)
- Re: Advisory Day! Tiago Assumpção (Mar 04)
- <Possible follow-ups>
- Re: Advisory Day! arlen (Mar 04)
- Re: Advisory Day! Rodney Thayer (Mar 04)
- Re: Advisory Day! Nahual (Mar 04)
- Re: Advisory Day! david maynor (Mar 04)
- Dave Barry on computer security Tri Huynh (Mar 06)
- Re: Advisory Day! Rodney Thayer (Mar 03)