Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: In soviet russia the telephone api calls YOU

From: Holden Williamson <limeyhaqr () gmail com>
Date: Thu, 11 Aug 2005 10:30:28 -0300
Not every hacker is as clumsy as the ones losing Samba
exploits to HDM

...

P.S. Yes, Limey, I know real hackers don't need exploits.


Come on, that's a cheap shot ;(

Just because I can't reply to any email without egotistically ranting
for a few hours I'd like to say that we both know it's a double-edged
sword. I do believe that no real hacker needs *remote exploits*. But,
as the Great Fancyness constantly reminds me, they can make life a
hell of a lot easier and productive - it all depends how much time you
have to put in to an exploit compared to how much return you'll get
compared to how much return you would have got from other techniques.
I find that these days it's simply too much input for too little
return, the last exploit I wrote was almost two years ago and took me
four months of daily development and *still* wasn't quite 100%. This
is just the increasing complexity of making 100% offset independant
single-target exploits for complex heap corruptions under Unix
systems.
Maybe windows is the future, or perhaps the present. I wish I wasn't
such a luddite some times.

I'd also like to mention that in a Very Old DD post (some of us here
remember when only you ever posted here and only 3 letter agencies
ever read it) that sometimes you have an exploit sitting on the shelf
for months because you've already run out of interesting new targets.
Perhaps this explains why, after a year or so, you might give it out
to your clueless associates to have fun owning fat scene celebrities
with it.
Especially when there's plenty of other bugs in the software and that
bug is already "coded out" in the upcoming 3.x series.

Just speculating of course.

Also that exploit was very primitive in the anti-IDS way of things,
but it was coded way back in 2002AD and unfortunately we're not all
swedish.

<3

-holden
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: