Dailydave mailing list archives
Re: RE: funny comments from Hack IIS6 contest admin
From: Steve Lord <steve () buyukada co uk>
Date: Sun, 15 May 2005 12:37:05 +0100
Roger A. Grimes wrote:
Not being funny, but you're the one who started personally attacking Dave and Anthony. Also you should bear in mind that it's the DailyDave list, not the DailyRoger list. If you don't like it here then please feel free to start your own.I've heard of both of you. Dave, I've used your software many times before. Sorry if I wasn't in awe enough for your egos.
Really? Are you sure? What, for everywhere? I know in the UK if I started breaking into boxes across the Internet because they said 'hack me' I'd get into trouble fairly quickly if I was caught. Does that mean that if someone defaces a web site and puts 'hack me' on the page then it's ok because it's explicit?An invitation to hack a box located at www.hackiis6.com with web pages full of "hack me" text certainly doesn't need a signedauthorization...it's explicit already.
According to http://secunia.com/product/20/ - Windows 2000 Server is affected by 90 Secunia advisories. 20% of reported issues remain unpatched, the worst of which appears to be a nasty bug in the Jet Dtabase engine, which could lead to remote system access.So as you both are making sport of me, tell me how my statement isfalse?First, there haven't been many 0-day exploits against W2K3 and IIS 6 (if any), and not that many against Windows products at all since 2000 wasreleased.
Windows 2003 Server Web Edition (seeing as we're looking at IIS 6) is affected by 49 advisories according to Secunia (http://secunia.com/product/1176/). 6 of these vulnerabilities remain unpatched, although these are only listed as moderately critical.
How many people does Dave employ that write exploits? How many people do companies like NGS Research employ purely to find vulnerabilities?Dave, how many hackers and exploit writers do you know that aremotivated to write exploits by large sums of money?
Even when companies do offer money for finding bugs, as some have done over the last year, it doesn't result in a ton of exploits found and released. Money isn't a prime motivator in any hack. Hell, the realmoney is made in run old exploits (like spambots and adware crap).
Are you speaking from personal experience? Steve _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- funny comments from Hack IIS6 contest admin Anthony Zboralski (May 13)
- Re: funny comments from Hack IIS6 contest admin Steve Lord (May 13)
- Re: funny comments from Hack IIS6 contest admin Allan Liska (May 14)
- <Possible follow-ups>
- RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 14)
- RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 14)
- Re: funny comments from Hack IIS6 contest admin Anthony Zboralski (May 14)
- Re: RE: funny comments from Hack IIS6 contest admin Dave Aitel (May 14)
- RE: RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 14)
- Re: RE: funny comments from Hack IIS6 contest admin Bas Alberts (May 14)
- Re: RE: funny comments from Hack IIS6 contest admin Steve Lord (May 15)
- RE: RE: funny comments from Hack IIS6 contest admin I)ruid (May 17)
- RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 14)
- RE: RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 15)
- Re: RE: funny comments from Hack IIS6 contest admin Holden Williamson (May 15)
- RE: RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 17)
- Re: RE: funny comments from Hack IIS6 contest admin H D Moore (May 17)
- Re: funny comments from Hack IIS6 contest admin Holden Williamson (May 18)
- Re: Re: funny comments from Hack IIS6 contest admin H D Moore (May 18)
- Re: RE: funny comments from Hack IIS6 contest admin H D Moore (May 17)
- RE: RE: funny comments from Hack IIS6 contest admin I)ruid (May 17)
- RE: RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 18)