Bugtraq mailing list archives
underestimating crackers
From: newsham () ALOHA NET (Tim Newsham)
Date: Wed, 1 Oct 1997 10:02:32 -1000
I've noticed something frightening in recent advisories from vendors and software writers: In cisco's recent advisory about CHAP vulnerabilities:
Cisco is not aware of these vulnerabilities having been exploited by "system crackers", nor of any publicly available exploitation code. Cisco does not believe that the details of the vulnerabilities are widely understood in the cracker community. The theoretical possibility of these vulnerabilities has, however, been discussed fairly openly among PPP security professionals.
In samba's recent advisory about samba overflows:
The exploit for the security hole is very architecture specific and has been only demonstrated to work for Samba servers running on Intel based platforms. The exploit posted to the internet is specific to Intel Linux servers. It would be very difficult to produce an exploit for other architectures but it may be possible.
I hope these beliefs that the cracking community is somehow technically inept and incapable of keeping up with the literature and overcoming simple obstacles is not widespread. If it is, I can understand why security is so poor and crackers are able to waltz through systems so easily. I'm afraid these people are in for a serious wake up call. And the sooner, the better. Tim N.
Current thread:
- Security Bulletin for telnet services in HP-UX rel. 10.30 Aleph One (Oct 01)
- underestimating crackers Tim Newsham (Oct 01)
- Re: underestimating crackers John Bashinski (Oct 02)
- [RISKS DIGEST 19.40] Possible breakthrough in NP-completeness Brian Tao (Oct 01)
- Possible weakness in LPD protocol Bennett Samowich (Oct 02)
- Re: Possible weakness in LPD protocol Thomas Roessler (Oct 02)
- Re: Possible weakness in LPD protocol Christopher Masto (Oct 03)
- xc Aleph One (Oct 03)
- Re: Possible weakness in LPD protocol Thomas Roessler (Oct 02)
- NT Domain Authentication Protocol - draft Aleph One (Oct 02)
- underestimating crackers Tim Newsham (Oct 01)