The long tail of vulnerable operating systems

[Dave aitel <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So every CTF I've played recently (like the one at CSI last week) has a
target set of Windows 2000 and extremely old Linux (say, RedHat 8). I'm
pretty sure that on any modern network you don't find a whole lot of
either of these. There's always the people who still run NT4 and SCO
OpenServer, but you have to look pretty far for them. But yet, no real
remote exploits exist for Fedora Core 1, much less 7. Solaris has XFS
and a few other remotes, but no one runs Solaris any more except the US
Government, that I can tell. Even assuming you see some Solaris or AIX
or whatever, you end up being so deep in the network already to find it
that you've already got all the passwords and don't need exploits.

But old operating systems will continue to live forever in CTF, I assume.

Sort of as a sign of the times, while I was playing CTF on the Windows
machine provided, I browsed the web briefly and my machine was
immediately taken over by some really annoying spyware. So for the rest
of the game I got to spend a lot of time clicking "close" on IE windows
that kept popping up.

Anyways, if you want to chat about it or grieve the pain of lost 0day,
and you live in London then you should come to Immunity Pub Night In
London Saturday Nov 24 at 6pm at the Price Arthur 80-82 Eversholt
Street. I'll put 200 quid on the bar to help you drown your sorrows.
RSVP to admin () immunityinc com!

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHODL5tehAhL0gheoRAr/lAJ0R5KiL+pV4rRfa40rG5jXFhV/cXQCfXXYe
P1VlnlQE5Uf6rDxcS2Pn0Zc=
=aU96
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave