From: dhoelzer at cyber-defense.org (David Hoelzer)
Subject: Is Marty Lying?

Dude...  Reading your inane posts helps me to better understand why you feel
that sticking an "A+" cert in your signature will make us think you have a
clue.

On 9/22/03 10:04 AM, "security snot" <booger@...xclan.net> wrote:

> I just finished reading Phrack 62's article on Sneeze, and some of the
> threads here concerning the matter, and I must admit that I am bothered by
> some of the responses.  There is nothing I hate quite as much as vendors
> who lie to their customers, except perhaps vendors that are too stupid to
> realize what really happened.  I guess Marty assumes that anyone dumb
> enough to buy the hype of signature-based IDS and to think products like
> Snort/OpenSnort have any value as a security mechanism, is going to be too
> stupid to think independently to arrive at a conclusion as to what most
> likely did happen with the Snort.org compromise.
> 
> First, if you look at the output from 'w' (I read a great article by BMcW
> talking about the unix command 'w' being run on the ever-secure
> cvs.openbsd.org by a malicious intruder, thanks Brian!), you'll notice
> that users from the hacked box were logging in to www.sourcefire.com, and
> some nameservers.  The compromise must definitely have been limited to
> that single machine!  No intruder would be smart enough to log
> authentication credentials on one hacked machine to get to another!
> 
> Second, Marty speaks about the machine being "removed" from the rest of
> their network so if it gets compromised, it doesn't actually affect the
> Snort/Sourcefire network's security.  Yet being proactively secure, and
> assuming that a machine is going to get compromised, then logging into
> your corporate network from that machine doesn't seem like a very
> intelligent practice now, does it?  Security is policy based, and these
> dopes can't understand that.
> 
> Some good questions are:
> 1) If the intrusion were limited to a single "shellbox" then why did they
> need to audit the code in CVS to see if it was backdoored?
> 
> 2) If the Snort developers cannot configure Snort to detect attacks on
> their own networks, why are you hiring Sourcefire to install said
> mechanisms on your network to protect you?
> 
> 3) Why the fuck do people still think signature-based IDS is worthwhile?
> 
> Get a clue, everyone.
> 
> 
> Marty - I look forward to your reply here; we'll follow up with a critique
> of your incoherent coding practices.
> 
> - snot, the one and only infosec mucus
> 
> -----------------------------------------------------------
> "Whitehat by day, booger at night - I'm the security snot."
> - CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
> -----------------------------------------------------------
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

