Vulnerability Development mailing list archives

re: More on Shatter

From: HalbaSus <halbasus () go ro>
Date: Sun, 25 Aug 2002 13:17:10 +0000

I don't want to be rude but... we're talking about a win32 local exploit here 
!!!!

My question would be... Why would anyone want to patch it ? Here are some 
reasons for not bothering about it.

1. Important servers/workstations should NOT use win32
2. Currently there are plenty of remote vulnerabilities which leave you with 
enough priviledge to do some nasty stuff on a Win32-box (OK, if someone will 
create an automated Shatter version that could be used to gain more 
priviledge on a "owned" win32 but than again... see reason no 1 :)
3. As long as someone needs phisical access for this it's not really such a 
serious problem.. usually when someone has phisical access to a computer he 
can do mostly whatever he/she wants. Without using exploits...
4. And probably the most important reason: Shatter is one of those mostly 
harmless yet very neet exploits that you can impress your friends with... or 
you can quickly hack your gf's account while she's changing her clothes (ok, 
during this time you could also take her computer bring it to your place, 
take out the hdd copy every file on it and then still have the time to go 
back to her place and light up a cigarete. :))

-- 
------------------------
Proud member of PentaGuard
"Making the net a safer place since 1998"

Current thread:

More on Shatter Chris Paget (Aug 23)
- Re: More on Shatter Daniel Newby (Aug 23)
  - Re: More on Shatter Dragos Ruiu (Aug 24)
    - Re: More on Shatter Daniel Newby (Aug 24)
- <Possible follow-ups>
- re: More on Shatter HalbaSus (Aug 25)
  - Re: More on Shatter Darryl Luff (Aug 25)
  - Re: More on Shatter Syzop (Aug 26)
    - Re: More on Shatter H C (Aug 26)
  - RE: More on Shatter Kris Kistler (Aug 26)
    - RE: More on Shatter Richard Masoner (Aug 26)
  - RE: More on Shatter Mark Ribbans (Aug 26)
- RE: More on Shatter Kayne Ian (Softlab) (Aug 27)