Dailydave mailing list archives
Attack and Defense
From: Dave Aitel <dave () immunitysec com>
Date: Tue, 27 Apr 2004 16:40:05 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My next talk is offensive. It's about attacking things, and there's no slide at the end that tries to rationalize it with "How to protect against this problem". It's weird to me to see people stand up and give an entire talk about attacking ActiveX components and then say how they don't think it would be right to release a tool that helps do this because bad people might use it. Or an entire talk about weaknesses in Novell's web server with a speech at the end from Novell's representative about how responsive they are to people pointing out basic authentication problems in their products. It's like watching information security talks from a German rabbi, filled with self loathing and four thousand-year old guilt trips. And now, of course, Johnny Cyberpunk, who's already so scared of the public eye he doesn't use his real name, has decided not to post exploits to the Interweb, something he clearly enjoys. Probably four or five MSCE's with nothing to do on Monday night but scribble patronizing things into their tablet PCs sent him almost-legible messages informing him how evil he was. That's pretty normal. This is the Interweb, after all, and people with wireless connections and no families invariably have too much time on their hands and will use it to push their own weak natures on others via the tyranny that is ubiquitious accessibility. Complaining about hacking information being distributed or people writing dumb worms that don't even really work is about one step away from writing MTV to complain about Janet Jackson's tit popping out during the super-bowl. It's right next to screaming at the kids in the apartment above you for making too much noise at 10pm. The other day I put my XP machine on the Internet to debug my cable modem connection. It got hacked in a few minutes, and I turned it off and did something else. That's it. And if you can't see the connection there you need to go and score some weed and find out how much easier it is to pick up girls with a pocket full of illegal drugs than with a CD-case of illegal mp3s. Anyways, my next talk is titled "Advanced Ordinance" and if you want to be a test-group (I hate giving talks for the first time to BlackHat - - it's stressful with a crowd that large), let me know. - -dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAjsUlzOrqAtg8JS8RAuY/AJ4xKE7mgFetled+Hxc2EfXzc/nnvQCaA5fM Yy41kUsmUhbjQ0ANE8l3qjQ= =JPUp -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Attack and Defense Dave Aitel (Apr 27)