Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

underestimating crackers

From: newsham () ALOHA NET (Tim Newsham)
Date: Wed, 1 Oct 1997 10:02:32 -1000

I've noticed something frightening in recent advisories from
vendors and software writers:

In cisco's recent advisory about CHAP vulnerabilities:


 Cisco is not aware of these vulnerabilities having been exploited by "system
 crackers", nor of any publicly available exploitation code. Cisco does not
 believe that the details of the vulnerabilities are widely understood in the
 cracker community. The theoretical possibility of these vulnerabilities has,
 however, been discussed fairly openly among PPP security professionals.


In samba's recent advisory about samba overflows:


The exploit for the security hole is very architecture specific and
has been only demonstrated to work for Samba servers running on Intel
based platforms. The exploit posted to the internet is specific to
Intel Linux servers. It would be very difficult to produce an exploit
for other architectures but it may be possible.


I hope these beliefs that the cracking community is somehow technically
inept and incapable of keeping up with the literature and overcoming
simple obstacles is not widespread.  If it is, I can understand why
security is so poor and crackers are able to waltz through systems
so easily.  I'm afraid these people are in for a serious wake up call.
And the sooner, the better.

                                            Tim N.
Previous By Date Next
Previous By Thread Next

Current thread: