Security Incidents mailing list archives
Re: [Full-Disclosure] remote kernel exploits?
From: Azerail <Azerail () supersecretninjaskills com>
Date: Sun, 8 Sep 2002 05:25:22 -0700
My thoughts in-line... On Sun, 08 Sep 2002, andy_mn () hushmail com wrote:
- - I have not seen any incident reports on Incidents, or any other mailing list for that matter.
If it's a private exploit, in the hands of one or two people, there may be a vested interest in not reporting it.
- - You'd think several high profile sites would've been attacked already with such devastating exploits, but I've seen no reports of this. In fact, if the kids really did have such an exploit, you'd think they'd tag their h4ndl3z all over high profile sites. But according to Alldas, high profile defacements have been virtually nonexistent in the last year or so.
Not if they are being sneaky and lying low. A wise decision given today's political climate.
- - Given the skill required to craft such an exploit, I'd think it would be way out of the grasp of the kids. Since no researcher has come forth with such a vulnerability, it's logical to conclude that this does not exist.
Not everyone who crafts an exploit is neccessarly a researcher or a kid. Anyway, just my thoughts, no basis whatsoever, just based on the availible information. Azerail ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- remote kernel exploits? andy_mn (Sep 09)
- Re: [Full-Disclosure] remote kernel exploits? Azerail (Sep 09)
- Re: remote kernel exploits? Jose Nazario (Sep 09)
- Re: remote kernel exploits? Stephen (Sep 10)
- <Possible follow-ups>
- RE: remote kernel exploits? Yonatan Bokovza (Sep 10)