Full Disclosure mailing list archives

RE: remote kernel exploits?


From: gml () phrick net (gml)
Date: 13 Sep 2002 18:36:58 -0500

Oh, I never said anything about "lo-tech/no-tech" and I wasn't referring
to social engineering.  My emphasis was on the "buffer overflow"; we tend
to not look farther than trying to find flaws in software. I think I was
aiming myself mainly at the security companies who lurk on mailing lists
trying to find their next big score. There seems to be a big emphasis on
"what will the next bug be and who can find it first", and not just on
this list, I mean everywhere, and of course the media loves that.  I'm
also not saying this is a bad thing; I enjoy an overflow as much as the
next guy, I'm just not bent on it.  Lately I am seeing a rise in
interest in worms and other autonomous agents. I think that's good; too
bad this sort of research tends to be held close by the anti-virus
companies.  Of course I understand the approach of locate and fix; I
mean, I'm a big believer in open source and this is one of the reasons.
The fact that the source code is available for auditing/tweaking is
wonderful.

On Fri, 2002-09-13 at 17:42, Nick FitzGerald wrote:
Personally I could really care less about "0-day exploits". There are a
thousand ways to penetrate a machine that are more effective than
relying on finding that one obscure piece of code. Why doesn't anyone
ever discuss interception? People seem too bent on the latest
vulnerability.  Then again what do I know. Maybe it IS all about
"0-day".

Technologists, not surprisingly, tend to focus on problems that can 
be fixed by tweaking the technology.  Social engineering and many of 
the useful/successful interception methods of "attack" are not 
particularly solvable by technologists (the ethics of human NDA 
research tend to "get in the way" here...   8-) ).

As the people on this list are in some sense mainly technologists, 
the bias you point out in the concerns discussed here is quite
understandable.  You are, of course, right that there are many 
low-tech/no-tech attack methodologies but the people on lists such as 
this are not the people who will "fix" them, so they're not likely to 
get as much air-time here.


Regards,

Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




