Vulnerability Development mailing list archives
Re: Blind Remote Buffer Overflow
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Tue, 2 May 2000 07:52:57 -0700
Max Vision wrote:
The issue of admin suspicion should never come into this - anyone who values their freedom will conduct their vulnerability research on their local machines, or with explicit authorization from the remote admin.
If we're talking about true blind exploiting (which folks should try every avenue to avoid... 'cause it would be damn difficult) then that means you have no local copy of whatever it is. There do exist legitimate situations where the admin is left unaware, but you've still got permission. It's not unheard of for management to contract pene tests where the admins are left in the dark to see what they spot.
The vuln-dev phase is definitely not the right time to play sneaky/clever games over a network, regardless of one's intention.
Max
I'm certainly not opposed to the readers of the list using their heads and staying out of trouble. Max is in a good position to testify to folks about what can happen if you (allegedly) cross that line. I do want to remind folks that the reasons why someone wants to find a particular hole are off-topic. I won't dictate your ethics to you. And, as I've said before, if you do something dumb and then post the evidence to the list, I will likely put it through for my own protection. There is a bunch of law enforcement subscribed to the list, so they'll get to see it.
BB