Hurricane Fatigue

[Dave Aitel <dave () immunitysec com>]

No one cares about hurricanes in Miami - most people didn't bother to 
evacuate. They slept through it, from what we can tell. Immunity's 
administrative team (I.E. myself and Justine) evacuated yesterday 
morning. I think you could make a lot of money in Florida selling 
"hurricane business centers" that allowed you to bring your pets. 
Basically high end hotels that are underground and have generators would 
do well, I think.

Also, happy birthday to Joanna of invisiblethings.org. Go buy a custom 
rootkit detector today!

http://isc.sans.org/diary.php?storyid=787 <-- hahaha :>
Also, everyone started thinking there was going to be a MS05-047 worm, 
but there's not going to be, cause it's just not that easy. Then they 
realized it was the older UMPNP bug, so whatever. You can always tell 
the difference between IDS people who haven't written (or tried to 
write) the exploit, and people who have. The Snort BackOrifice bug is a 
lot easier than people are making it sound. "Thousands of versions..." I 
dunno where they get this. :> I haven't tested our sploit against the 
Sourcefire appliance, but I'm pretty sure one of our two versions would 
work out of the box. Does anyone actually run Win32 Snort? I could whip 
it up on the plane back to Miami, I guess, if anyone has it installed. 
The benefit of open source IDS's is that you can install them on a 
grseced box though...so it's possible there won't be a worm because 
everyone has that high level of protection only Linux can offer, right? :>

-dave