Dailydave mailing list archives
Re: Re: Dreaming of Summer
From: David Maynor <dave () 0dayspray com>
Date: Sat, 06 Dec 2003 12:32:44 -0500
In my case RHES fixes all, but there's still a big population in the Unpatched-Masses-wearing-a-KickMe-sign camp. I'm thinking along the lines Phil suggested. Change the fundamental rules of the game to be attack oriented, or have Attack teams and Admin teams (that's starting to get kinda cluttered tho). My assumption is that within 6 months, possibly three, there'll be known holes. Award points (panel of judges?) on the "elegance", stealth and/or real-world applicability of attacks. A remote root would be worth more than local root; remote unpriv'd shell worth way more than simply killing a service; killing a service with a single packet more than flooding something 'til it pukes. Not leaving messy syslog traces would give Elegance points.
There is a big problem here. Most of what Redhat sends out in its distro is other opensource projects repackaged. Unless there is going to be a remote root in up2date, these really aren't Redhat issues. Sure there might be a remote root hole in ssh or apache, but those are apache and ssh problems, which patches are available for. Making a CTF that targets one platform is not better than the "hack the product" contests.
Hell, maybe by then Microsoft will have ported Outlook Express to Linux and make root-via-spam a reality. Make CTF a ninja contest instead of its current state. If it was managed right, it'd also give the winner(s) significant media coverage and RH some much needed (IMO) public scolding.
Just what we need, more kids wanting to be PHC when they grow up.

--
David Maynor
http://www.0dayspray.com/~dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave