Dailydave mailing list archives
The CrateMaster2000 of Security.
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 25 Jan 2007 07:25:58 -0500
So I'm too tired to go see the ocelots or whatever at the Singapore night "safari". This is what happens during classes. You think "I'm in a far away place I'll go do cool things!" and then you go back to your hotel to check email and sleep.

Recently I was reading a lot about metrics, in particular "security metrics", in preparation for the upcoming Mini-Metricon that happens right before RSA. Here's my thought on metrics today: If your metric is somehow perfectly satirized by Old Man Murray's CrateMaster2000 (http://www.oldmanmurray.com/features/39.html), then it's time to go back to the drawing board. CVSS, we're looking at you here.

I've gotta wonder at stories like this: http://valleywag.com/tech/cia/facebook-exposes-wannabe-spooks-231130.php . I think pages like that are what you get when you read "The Company" (http://www.amazon.com/Company-Robert-Littell/dp/0142002623/) backwards. (Ignore the obvious typo on the book excerpt there. It's really quite well written - and I don't just mean it has a nice typeface like some Amy Tan book. That dude clearly knows how to string the right words together for long periods of time in a row. I was reading it last time I came to Singapore, and this time I'm reading a book on Oysters. Turns out there used to be a lot more of them, like stack overflows.)

Anyways, assuming I can work the email client and Mailman lets the image go through, below you should see a graphic from the latest version of VisualSploit. It's a working version of the 3com tftp exploit that is Windows version and SP independent. In the near future you'll just build the packet, and SPIKE will fuzz it, and ImmDBG and VS will cooperate to write the exploit for you.

-dave

[Image: VisualSploit screenshot]