Dailydave mailing list archives
Hydrogen
From: Dave Aitel <dave () immunityinc com>
Date: Fri, 26 Jan 2007 19:39:37 -0500
Teaching Hydrogen to a class is like introducing an ex-lover to your friends. It's slightly awkward, since I know every little problem, but at the same time, eventually people understand why you have it around. Or something. It's hard to be poetic at 8am just before an 18 hour flight.

The last day of Unethical Hacking we have a whole presentation on the design of Hydrogen and why you should never use cryptcat to hack. Then we start combining the tools into what I like to call a toolchain, but I'm sure has no real name.

Likewise, I don't want to beat up Route's CVSS too much. It's kind of mean and the whole point of satire is to bring the funny. But I would like to point out that "Exploitability" is a vendor supplied temporal metric. I.E., not only does it change over time, but the vendor appears to need a staff of expert exploit writers on board. Neither of these is ever true. Also, the whole "one vulnerability per exploit" thought pattern is very 1992AD.

The main thing that makes CrateMaster2000 so funny, is that most game reviewers add nearly nothing to the process of deciding to buy a game, other than screenshots. Likewise, CVSS adds nothing to the process of deciding anything about vulnerabilities. You can go into detail about why, but the end result is, if you don't read the two web pages about CVSS and CrateMaster2000, and then laugh, you'll end up spiraling into boring threads like some sort of alt.rec.pottery flashback. ("Actuaaaaally, the temporal metrics contain an alternate composition equation that accounts for any vendor-related biases, vis-a-vis blah blah blah....").

Ooh, and I have some new Singapore pictures up from my wild night out with Thomas Lim last night. Unlike most nights with Thomas, at no point did a giant shrimp escape its bowl and try to attack us. Ok, I admit it, I'm the tamest hacker he knows. That actually happened to Sarah and Joanna and then Casper caught it and ate it raw, or something. But here's some pictures anyways.

http://picasaweb.google.com/dave.aitel/Singapore

-dave