Vulnerability Development mailing list archives

Re: Exploit Ease Level


From: sincity_mark () INAME COM (Mark L. Jackson)
Date: Sat, 29 Apr 2000 12:05:07 -0700


//  you know, a qualified system administrator / security official can
//  generally figure out what's going on in the code in an exploit and reach
//  those conclusions by him/herself.

Really? You're telling me that a sysadmin who does not code all day long,
does not debug code (not scripts), and generally is not even trained to
code (one or two classes is not being trained) can see an exploit that
professional programmers can't?????

My experience with sysadmins is that they can barely find their way to
work.

//
//  the answer to your concerns isn't to dummy down exploits or their
//  descriptions, it is to do the homework needed to understand what the code
//  in front of you is doing, and to reach your own conclusions concerning
//  threat assessment.

No, the answer is for companies to stop accepting crap for software.

I am all for a 'dummy down' approach. [my guess is you were being
derogatory. Making something simple does not diminish someone's credibility,
it increases it. To assume that you have to have a PhD before you should
be able to understand an explanation of an exploit is sheer arrogance] I
rely on others to keep me informed. That is called being efficient. It is
not a 'bad thing'. I cannot fix all the world's problems, I can only fix
mine. Sometimes that is a less than desirable solution, but it is reality.

I don't have time to even keep up with known problems in the languages I
code in; much less the platforms I am working on. *I have to turn out
code.* I AM NOT A RESEARCHER. ANY help is welcome, especially if it is
well laid out and easily accessible.

Mark L. Jackson
sincity_mark () iname com

Programming today is a race between software engineers striving to build
bigger and better idiot-proof programs, and the Universe trying to produce
bigger and better idiots. So far, the Universe is winning. - Rich Cook


