Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Telnetd exploit for solaris

From: Big Woz <angrybob () havoc gtf org>
Date: Fri, 7 Sep 2001 15:40:04 -0400
On Fri, Sep 07, 2001 at 04:49:27PM +0100, Gerard Palma wrote:

Well my 2cents worth is that script kiddies are working with known  
vulnerabilities, using exploits written by some one else. So the 
problem  has to be the vulnerability in the software and the people who 
write the  exploit.



My 2 cents is that those "script-kiddies" of days past are a bit older
now, and no longer 'kiddies'.... just look at code red 2, it's far more
advanced than the exploit the so called "security experts" at eeye
came up with.  (please note I have the highest respect for eeye,
I'm just being sarcastic to make a point.)

Lets face it, the ones who are the kiddies here are the supposed
"security experts".... they're the ones that need the information and
training that these "kiddies" are able to get easily from their peers.
At every turn someone starts crying when someone else attempts to put
the infrastructure in place to create a stronger group of "security
experts" for the future.... 

On the other hand, no one has any idea what to do about children capable
of crashing powerful servers.  Unless someone else has a better idea of
how to get the information out to the next generation of good-guys there
is nothing productive gained from trying to take a wack at "full
disclosure". 

--adam
Previous By Date Next
Previous By Thread Next

Current thread: