Dailydave mailing list archives
Re: Dreaming of Summer
From: Sean Batt <sean () coombs anu edu au>
Date: Sun, 7 Dec 2003 15:43:57 +1100 (EST)
Hello Daves et al,

Forgive me for asking a daft question; I'm not a security professional, just a refugee from Full-Disclosure.

On Sat, 6 Dec 2003, David Maynor wrote:

> ... I think the shot at trojaning a debian package like ssh is worth a local root, this is of course if I was just interested in blackhat activity. For whitehat I would much rather keep the 0day for pentesting purposes.

I can't quite understand how a whitehat would use a 0day. Isn't a whitehat ethically bound to fix or report vulnerabilities? Say a WH is contracted to do pentesting, she wanders into an environment secured against known vulnerabilities, uses a 0day and then what does she report? "You're still vulnerable! I got in. Here's proof. Can't tell you how I did it: proprietary tools, trade secrets, etc etc."

Am I being naive thinking that ethical stance is the difference between black and white hats?

I guess I'm missing something (probably a lot) about the utility of 0days and the practice of penetration testing and if anyone can comment on that I'd appreciate it.

Regards,
Sean

--
Sean () coombs anu edu au
IT Manager, RSSS, ANU
tel: +61 407 941 023