Dailydave mailing list archives

Re: The long tail of vulnerable operating systems

From: "Lance M. Havok" <lmh () info-pull com>
Date: Wed, 14 Nov 2007 16:22:25 +0100

Heil Krahmer!

It's always good to hear back from mr. stealth :>


Theres one big mistake in thinking. Just because exploits do not show
up on packetstorm or bugtraq anymore does not mean that they do not exist.
You all should know that the fun of the 90's became professional
somewhere in 2000.


We definitely agree on that one. Just because CVS exploits don't get
stolen, does not mean they were not stolen already. As my grandma used
to say (may she rest in piss, or peace): take it easy, and let the
good times roll.

And if one really thinks that nobody is using Solaris (except gov)
anymore; one just dont know business and should retire :-)
All big telcos and ISPs use Solaris for sure. and all the safety-critical
systems use unix in some way, let it be AIX, Solaris or of course Linux
;-)


You must count everyone who uses Solaris for breaking it too, for
example, we have iDefense as a great example of someone taking a
profit from AIX exploits, apart of East European juice mafia for
banging ATMs.

If you are a bad guy and want to pwn one of the fortune50(0)'s you
better have some solaris,aix and irix exploits in your bag ;-)


Not really, if you want to pwn one of the Fortune 500 companies, you
only need to be a Google shareholder. And again, let the Gmail times
roll! (please note: back in the day, even the Google's kitchen guy had
shares at the company, the good old stock options and what not).

Now they support IMAP.

BTW, don't good guys do Fortune penetrations? Because that's what a
penetrator's job is all about. Hence why people buy CANVAS. The point
is, why having exploits makes you a bad guy? Am I being naive about
your message?

We should be all tolerant towards others. Ambiguous morality is really
weak and damn Cold War-style. Let a hundred flowers bloom, let the
hundred schools of thought contend; we are not enemies, but friends.
And at the right time, I'll be there to support those who mow down the
raising flowers, to set the hill back in order and peace for the
people.

Lance, dreaming about spring.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

The long tail of vulnerable operating systems Dave aitel (Nov 12)
- Re: The long tail of vulnerable operating systems Eduardo Tongson (Nov 12)
  - Re: The long tail of vulnerable operating systems Lance M. Havok (Nov 13)
  - Re: The long tail of vulnerable operating systems Kurt Grutzmacher (Nov 14)
    - Re: The long tail of vulnerable operating systems Sebastian Krahmer (Nov 14)
    - Re: The long tail of vulnerable operating systems Lance M. Havok (Nov 15)
- Re: The long tail of vulnerable operating systems Dude VanWinkle (Nov 13)
- Re: The long tail of vulnerable operating systems Thomas Ptacek (Nov 13)
  - Re: The long tail of vulnerable operating systems Matt Hargett (Nov 15)
- Re: The long tail of vulnerable operating systems Steve Shockley (Nov 13)
- Re: The long tail of vulnerable operating systems Katie M (Nov 13)
  - Re: The long tail of vulnerable operating systems Darryl Luff (Nov 14)
    - Re: The long tail of vulnerable operating systems dan (Nov 15)
  - Re: The long tail of vulnerable operating systems Adriel Desautels (Nov 14)
    - Re: The long tail of vulnerable operating systems Katie M (Nov 15)
    - Re: The long tail of vulnerable operating systems Adriel Desautels (Nov 15)

(Thread continues...)