Full Disclosure mailing list archives
Re: Was secreview crap - now OpenVMS!!
From: Valdis.Kletnieks () vt edu
Date: Wed, 02 Jan 2008 16:55:02 -0500
On Wed, 02 Jan 2008 13:48:13 CST, you said:
its funny how you always talk about other people ( like a few days ago when you were amazed that people exploited an off by one ),
Actually, I was merely pointing out to a reader of the list that if you *can* get x'41414141' into the appropriate register, you can probably abuse it into a full exploit, and gave an example of an off-by-one-byte that produced such an exploit. Maybe in that reader's world, they can get away with asking "how is that exploitable?", but some of us have to classify that as "should be considered exploitable until proved otherwise".
, and talk about "the old times"... sure signs of someone washed up as evident by your non-productiveness in the last few years
Failure to learn from the lessons of the past is a good way to shoot yourself in the foot exactly the same way. Yes - WANK was back in 1989. However, even now, almost 2 decades later, we're *still* seeing a lot of systems getting exploited for the *exact same* base cause. Additionally, it's proof that anybody who is just *now* waking up to the concept of "cyber-warfare" is 20 years behind: http://marc.info/?l=isn&m=100707930117213&w=2 It's also a good idea to keep in mind that not everybody in the security industry measures "productivity" by "number of exploits published". For some of us who run production networkds, "no incidents happened, and none of the users noticed a damned thing we did to ensure it" is the rarely attained Nirvana.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Was secreview crap - now OpenVMS!! Randal T. Rioux (Jan 02)
- Re: Was secreview crap - now OpenVMS!! Valdis . Kletnieks (Jan 02)
- Re: Was secreview crap - now OpenVMS!! reepex (Jan 02)
- Re: Was secreview crap - now OpenVMS!! Valdis . Kletnieks (Jan 02)
- Re: Was secreview crap - now OpenVMS!! Dude VanWinkle (Jan 04)
- Re: Was secreview crap - now OpenVMS!! Line Noise (Jan 02)
- Message not available
- Re: Was secreview crap - now OpenVMS!! list spam (Jan 02)
- Re: Was secreview crap - now OpenVMS!! reepex (Jan 02)
- Re: Was secreview crap - now OpenVMS!! Valdis . Kletnieks (Jan 02)
- Re: Was secreview crap - now OpenVMS!! sys (Jan 04)
- Re: Was secreview crap - now OpenVMS!! Ishan Oshadi Jayawardene (Jan 05)