Dailydave mailing list archives
Re: In soviet russia the telephone api calls YOU
From: Holden Williamson <limeyhaqr () gmail com>
Date: Thu, 11 Aug 2005 10:30:28 -0300
Not every hacker is as clumsy as the ones losing Samba exploits to HDM
...
P.S. Yes, Limey, I know real hackers don't need exploits.
Come on, that's a cheap shot ;( Just because I can't reply to any email without egotistically ranting for a few hours I'd like to say that we both know it's a double-edged sword. I do believe that no real hacker needs *remote exploits*. But, as the Great Fancyness constantly reminds me, they can make life a hell of a lot easier and productive - it all depends how much time you have to put in to an exploit compared to how much return you'll get compared to how much return you would have got from other techniques. I find that these days it's simply too much input for too little return, the last exploit I wrote was almost two years ago and took me four months of daily development and *still* wasn't quite 100%. This is just the increasing complexity of making 100% offset independant single-target exploits for complex heap corruptions under Unix systems. Maybe windows is the future, or perhaps the present. I wish I wasn't such a luddite some times. I'd also like to mention that in a Very Old DD post (some of us here remember when only you ever posted here and only 3 letter agencies ever read it) that sometimes you have an exploit sitting on the shelf for months because you've already run out of interesting new targets. Perhaps this explains why, after a year or so, you might give it out to your clueless associates to have fun owning fat scene celebrities with it. Especially when there's plenty of other bugs in the software and that bug is already "coded out" in the upcoming 3.x series. Just speculating of course. Also that exploit was very primitive in the anti-IDS way of things, but it was coded way back in 2002AD and unfortunately we're not all swedish. <3 -holden _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- In soviet russia the telephone api calls YOU Dave Aitel (Aug 10)
- Re: In soviet russia the telephone api calls YOU Holden Williamson (Aug 11)
- Re: In soviet russia the telephone api calls YOU Dave Aitel (Aug 11)
- Re: In soviet russia the telephone api calls YOU Holden Williamson (Aug 11)