Vulnerability Development mailing list archives
Re: Exploit Ease Level
From: sincity_mark () INAME COM (Mark L. Jackson)
Date: Sat, 29 Apr 2000 12:05:07 -0700
// you know, a qualified system administrator / security official can // generally figure out whats going on in the code in an exploit and reach // those conclusions by him/herself. Really? Your telling me that a sysadmin who does not code all day long, does not debug code (not scripts), and generally is not even trained to code (one or two classes is not being trained) can see an exploit that professional programmers can't????? My experience with sysadmins is that they can barely find their way to work. // // the answer to your concerns isnt to dummy down exploits or their // descriptions, it is to do the homework needed to understand // what the code // in front of you is doing, and to reach your own conclusions concerning // threat assessment. No the answer is for companies to stop accepting crap for software. I am all for a 'dummy down' approach. [my guess is you were being derogatory. Making something simple does not diminish someone's edibility, it increases it. To assume that you have to have a PhD before you should be able to understand an explanation of an exploit is sheer arrogance] I rely on others to keep me informed. That is called being efficient. It is not a 'bad thing'. I can not fix all the world's problems, I can only fix mine. Sometimes that a less than desirable solution, but it is reality. I don't have time to even keep up with known problems in the languages I code in; much less the platforms I am working on. *I have to turn out code.* I AM NOT A RESEARCHER. ANY help is welcome, especially if it is well laid out and easily accessible. Mark L. Jackson sincity_mark () iname com Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. - Rich Cook <HR NOSHADE> <UL> <LI>application/x-pkcs7-signature attachment: smime.p7s </UL>
Current thread:
- Re: Exploit Ease Level, (continued)
- Re: Exploit Ease Level Rory Savage (Apr 28)
- Using php to bounce scan Thiebaut (Apr 28)
- Re: Using php to bounce scan Omachonu Ogali (Apr 28)
- Re: Using php to bounce scan Thiebaut (Apr 30)
- corrupted link JklojLrnzn () AOL COM (Apr 30)
- Re: Using php to bounce scan Matt Rae (Apr 30)
- Re: Using php to bounce scan Thiebaut (Apr 30)
- Re: Exploit Ease Level Max Vision (Apr 28)
- Re: Exploit Ease Level jms (Apr 29)
- Re: Exploit Ease Level Rory Savage (Apr 29)
- Re: Exploit Ease Level Mark L. Jackson (Apr 29)
- Re: Exploit Ease Level jms (Apr 29)
- Re: Exploit Ease Level Sebastian (Apr 27)
- Re: Exploit Ease Level Rory Savage (Apr 28)
- Source code to mstream, a DDoS tool Anonymous User (Apr 29)
- Re: Securax Security Advisory: Windows98 contains a seriousbufferoverflow with long filenameextensions. Bluefish (Apr 29)