Vulnerability Development mailing list archives
Re: Blind Remote Buffer Overflow
From: 11a () GMX NET (Bluefish)
Date: Wed, 3 May 2000 21:44:11 +0200
I disagree with this attitude. If it can be verified / proven that e.g. buffer overflows can be researched (and exploited as well) without access to binaries, there's one more proven vulnerability in the obscurity approach to security. It should be utterly important as well whether administrators of such a system could be alarmed or not. With most systems it's possible to get a local copy of a system (demos, buying, etc). But this is not the case for all systems. Some systems only exist in one single installation (example: most webservers have different threat scenarios due to how their CGIs etc. work). Some public "hacker" contests by companies which should "prove" the security of their products are only for extremely rare systems, which rules out local analysis for several people. (same is true for my laboration in my Computer Security course btw... the software is overflowable but it's easier to use the 'intentional' vulnerability in the laboration server. Wonder if I get extra points if I actually could provide a buffer overflow against the server? ;)
The issue of admin suspicion should never come into this - anyone who values their freedom will conduct their vulnerability research on their local machines, or with explicit authorization from the remote admin. The vuln-dev phase is definitely not the right time to play sneaky/clever games over a network, regardless of one's intention.
..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team