Dailydave mailing list archives

Hydrogen


From: Dave Aitel <dave () immunityinc com>
Date: Fri, 26 Jan 2007 19:39:37 -0500

Teaching Hydrogen to a class is like introducing an ex-lover to your
friends. It's slightly awkward, since I know every little problem, but
at the same time, eventually people understand why you have it around.

Or something. It's hard to be poetic at 8am just before an 18 hour
flight. The last day of Unethical Hacking we have a whole presentation
on the design of Hydrogen and why you should never use cryptcat to
hack. Then we start combining the tools into what I like to call a
toolchain, but I'm sure has no real name.

Likewise, I don't want to beat up Route's CVSS too much. It's kind of
mean and the whole point of satire is to bring the funny. But I would
like to point out that "Exploitability" is a vendor supplied temporal
metric. I.E., not only does it change over time, but the vendor
appears to need a staff of expert exploit writers on board. Neither of
these is ever true. Also, the whole "one vulnerability per exploit"
thought pattern is very 1992AD.

The main thing that makes CrateMaster2000 so funny, is that most game
reviewers add nearly nothing to the process of deciding to buy a game,
other than screenshots. Likewise, CVSS adds nothing to the process of
deciding anything about vulnerabilities. You can go into detail about
why, but the end result is, if you don't read the two web pages about
CVSS and CrateMaster2000, and then laugh, you'll end up spiraling into
boring threads like some sort of alt.rec.pottery flashback.
("Actuaaaaally, the temporal metrics contain an alternate composition
equation that accounts for any vendor-related biases, vis-a-vis blah
blah blah....").

Ooh, and I have some new Singapore pictures up from my wild night out
with Thomas Lim last night. Unlike most nights with Thomas, at no
point did a giant shrimp escape its bowl and try to attack us. Ok, I
admit it, I'm the tamest hacker he knows. That actually happened to
Sarah and Joanna and then Casper caught it and ate it raw, or something.
But here's some pictures anyways.
http://picasaweb.google.com/dave.aitel/Singapore

-dave





