Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Re: <to various comments>EEYE: Microsoft ASN.1 ...

From: Brian Eckman <eckman () umn edu>
Date: Thu, 12 Feb 2004 13:46:18 -0600
Drew Copley wrote:
<mass snippage>

But, it turns out, that the guys
who can write exploit code also can reverse engineer patches...

</mass snippage>
You said it all in that sentence. No other commentary was necesary to make your point.
Besides reading exploit code (if such code were released, which it was not), I'd imagine (as you mention) reverse engineering the patch and/or sniffing the network traffic of your (or another) scanner in action would be much more productive methods of determining how to write an exploit than your advisory was. 

Brian
--
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota


"There are 10 types of people in this world. Those who
understand binary and those who don't."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: