Dailydave mailing list archives

Re: RE: Network Exploitation Tools aka Exploitation Engines

From: "Halvar Flake" <HalVar () gmx de>
Date: Tue, 7 Sep 2004 02:44:35 +0200 (MEST)

Hey all,

1. Immunity is not a foreign (I.E. non-US) intelligence service, and our
code is fully available to all of our customers. Why a military or
government agency wouldn't demand full source code from a foreign (or
even domestic) company selling an exploitation tool baffles me. Do we
hire foreign companies to do penetration tests on our military networks?
Why would the US military use a closed source penetration test tool from
a non-US company on sensitive networks? It boggles the mind.


And you can't trust those damn foreigners ! There are no trustworthy
foreign nationals ! :-)

Abrahams cannon barrels are manufactured by Rheinmetall, which is a german
metallurgy firm. Does that make it likely that Rheinmetall will backdoor
the barrels to self-destruct upon contact with german beer so we can 
attack US tanks by throwing beer bottles ?

Preferring certain manufacturers because they're located in your own
country has mostly two economic effects:
   1) The manufacturer has less incentive to catch up with foreign com-
      petitor
   2) The manufacturer will be likely to overcharge and remain less
      productive than foreign firms exposed to full competition

While I agree on the wrongness of software patents, I think one should
think _very_ hard before one allows (possibly well-founded, possibly
completely unfounded) paranoia to influence your buying decisions.

And seriously: Both source and binaries can have undesirable features
added, and if we think that the risk of undesirable features in an
app is completely removed by it being open source, we're kidding
ourselves.

"Professional grade FUD" 
:>


Word :-)

Cheers,
Halvar


-- 
Supergünstige DSL-Tarife + WLAN-Router für 0,- EUR*
Jetzt zu GMX wechseln und sparen http://www.gmx.net/de/go/dsl

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Re: RE: Network Exploitation Tools aka Exploitation Engines, (continued)
- Re: RE: Network Exploitation Tools aka Exploitation Engines Adegbite Stephen (Aug 18)
- RE: Network Exploitation Tools aka Exploitation Engines Clarke, Tyronne (Contractor) (Sep 03)
  - Re: RE: Network Exploitation Tools aka Exploitation Engines Kurt Seifried (Sep 04)
    - RE: RE: Network Exploitation Tools aka ExploitationEngines Clement Dupuis (Sep 04)
    - RE: RE: Network Exploitation Tools aka ExploitationEngines Clement Dupuis (Sep 04)
    - RE: RE: Network Exploitation Tools aka ExploitationEngines Clement Dupuis (Sep 08)
    - RE: RE: Network Exploitation Tools aka ExploitationEngines Clement Dupuis (Sep 10)
    - Network Exploitation Tools aka Exploitation Engines brennan stewart (Sep 11)
  - Re: RE: Network Exploitation Tools aka Exploitation Engines Matthew Watchinski (Sep 06)
    - Re: RE: Network Exploitation Tools aka Exploitation Engines Dave Aitel (Sep 06)
    - Re: RE: Network Exploitation Tools aka Exploitation Engines Halvar Flake (Sep 06)
    - Re: RE: Network Exploitation Tools aka Exploitation Engines Lance Spitzner (Sep 06)
    - Re: RE: Network Exploitation Tools aka Exploitation Engines Mordy Ovits (Sep 07)
    - Re: RE: Network Exploitation Tools aka Exploitation Engines Darryl Luff (Sep 07)
    - Re: RE: Network Exploitation Tools aka Exploitation Engines Ben Hawkes (Sep 06)
    - Re: RE: Network Exploitation Tools aka ExploitationEngines Kurt Seifried (Sep 06)