Full Disclosure mailing list archives
RE: remote kernel exploits?
From: gml () phrick net (gml)
Date: 13 Sep 2002 18:36:58 -0500
Oh i never said anything about "lo-tech/no-tech" and I wasn't referring to social engineering. My emphasis was on the "buffer overflow" we tend to not look farther than trying to find flaws in software. I think I was aiming myself mainly at the security companies who lurk on mailing lists trying to find their next big score. There seems to be a big emphasis on "what will the next bug be and who can find it first" and not just on this list i mean everywhere and of course the media loves that. I'm also not saying this is a bad thing I enjoy a overflow as much as the next guy, I'm just not bent on it. Lately I am seeing a rise in interest in worms and other autonomous agents I think that's good, too bad this sort of research tends to be held close by the anti-virus companies. Of course I understand the approach of locate and fix, i mean i'm a big believer in opensource and this is one of the reasons. The fact that the source code is available for auditing/tweaking is wonderful. On Fri, 2002-09-13 at 17:42, Nick FitzGerald wrote:
Personally I could really care less about "0-day exploits". There are a thousand ways to penetrate a machine that are more effective then relying on finding that one obscure piece of code. Why doesn't anyone ever discuss interception, people seem to bent on the latest vulnerability. Then again what do I know. Maybe it IS all about "0-day".Technologists, not surprisingly, tend to focus on problems that can be fixed by tweaking the technology. Social engineering and many of the useful/successful interception methods of "attack" are not particularly solvable by technologists (the ethics of human NDA research tend to "get in the way" here... 8-) ). As the people on this list are in some sense mainly technologists, the bias you point out in the concerns discussed here is quite understandable. You are, of course, right that there are many low-tech/no-tech attack methodologies but the people on lists such as this are not the people who will "fix" them, so they're not likely to get as much air-time here. Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: remote kernel exploits?, (continued)
- RE: remote kernel exploits? Yonatan Bokovza (Sep 10)
- RE: remote kernel exploits? Jacques A. Vidrine (Sep 10)
- RE: remote kernel exploits? Gommers, Joep (Sep 11)
- RE: remote kernel exploits? andy_mn () hushmail com (Sep 12)
- RE: remote kernel exploits? Andrew Thomas (Sep 12)
- RE: remote kernel exploits? HalbaSus (Sep 13)
- RE: remote kernel exploits? silvio () big net au (Sep 13)
- Message not available
- RE: remote kernel exploits? silvio () big net au (Sep 13)
- RE: remote kernel exploits? gml (Sep 13)
- RE: remote kernel exploits? Nick FitzGerald (Sep 13)
- RE: remote kernel exploits? gml (Sep 13)
- RE: remote kernel exploits? Yonatan Bokovza (Sep 10)