Vulnerability Development mailing list archives
Re: Exploit Ease Level
From: sec () ORGONE NEGATION NET (jms)
Date: Sat, 29 Apr 2000 17:10:19 -0700
On Sat, 29 Apr 2000, Mark L. Jackson wrote:
// you know, a qualified system administrator / security official can
// generally figure out what's going on in the code in an exploit and reach
// those conclusions by him/herself.
Really? You're telling me that a sysadmin who does not code all day long, does not debug code (not scripts), and generally is not even trained to code (one or two classes is not being trained) can see an exploit that professional programmers can't?????
heh, i was talking about looking at an exploit and seeing what's going on, not auditing the source for every daemon you run.
My experience with sysadmins is that they can barely find their way to work.
i can barely find my way to the bathroom in the morning on a good day, but show me source code to an exploit and i can usually figure out what's what. not always, by any means, but usually. and lord knows i can't code.
// the answer to your concerns isn't to dummy down exploits or their
// descriptions, it is to do the homework needed to understand what the code
// in front of you is doing, and to reach your own conclusions concerning
// threat assessment.
No, the answer is for companies to stop accepting crap for software.
yyyyyyyyyeah.. i'm a little leery of the above sentiment; named, the latest imap bug, RSAREF bug, these aren't "crap" software by a longshot. which companies are you referring to?
I am all for a 'dummy down' approach. [my guess is you were being derogatory. Making something simple does not diminish someone's credibility, it increases it. To assume that you have to have a PhD before you should be able to understand an explanation of an exploit is sheer arrogance] I rely on others to keep me informed. That is called being efficient. It is not a 'bad thing'. I can not fix all the world's problems, I can only fix mine. Sometimes that is a less than desirable solution, but it is reality. I don't have time to even keep up with known problems in the languages I code in; much less the platforms I am working on. *I have to turn out code.* I AM NOT A RESEARCHER. ANY help is welcome, especially if it is well laid out and easily accessible.
wait wait.. you have to turn out code, but you feel you need a PHD to understand the basic mechanics of the average buffer exploit source code? huh.. hyperbole aside, it sounds like we agree that a lot of admins need to clue themselves. i certainly put a lot of energy into trying to clue myself, and i'm sure you do as well. like, here's the real flaw in the "keep it simple" argument as i see it:
very often, the exploits we see pop up are not "public" exploits. they have _no_ comments above and beyond shout-outs and credits to the authors, if that. so if we make the younger talent in the admin pool reliant on Hack By Numbers instructions, these people are going to sit around and chew their cud when they see code that they don't understand, and while the tumbleweeds behind their eyeballs bounce around a little faster while they debate disabling the software in question, some 14 year old just compiled it, wrote a mass scanner, and is actively owning his corner of the net.
as for public exploits, all i ask for in public releases of exploit code is that people show me the faulty code, include a patch, or explain why no patch is forthcoming. and usually that's what i get. and for those instances where i see code in front of me i don't understand, and/or i need some help, there is this list :)
-jason storm
negation industries
~you gotta chug.~ -u.c.b.