| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: gcb33 at dial.pipex.com (gcb33@...l.pipex.com) Subject: no more public exploits To All, Well I work in this field so my .00000001 cents worth I use s alot of Host IDS installation across diverse systems these exploits that come out are a good test to see how well the system reacts one never trusts a vendor no matter how much hard sell. now i've tested many exploits against different types of Host based IDS out their in my pre-production systems to see the reaction. Some don't 'please restart after 60 seconds pop shown' Some do trap the exploit no apparent effect message on the console logs shows that it has trapped the event Other's stop the exploit no logs shown but causes issues with IIS SSL connectivity not working some time later. Now this is an interesting case did the HIDS stop the exploit, was their some other mitigating issue at the time that was related in the exploit. There was a very good comment early about patching, patch's always breaks products it never the underling OS that is the issues generaly in most cases it is always the vendor product on top that has the issue.I'm not talking about simple web sites, I'm talking about the sites that deal in +9 figure dollar transfers daily, shut down the site for 48 hours to do a fall acceptance testing, I I rather have the exploit released to test than given to a select couple of guys on the internet to play around with whilst the marjority of people are in the dark. Me personally i continuely try to break into my systems, even with patches the response of the system can and is when it is under load then in labatory conditions. The real issue with the exploits really is the major vendors not production clean code, from security point Linux, MS , Sun, IBM are all the same, even mainframes if you want to that far. I love to patch the hell out of machines to 100% but have to mitigate the risk always with more than one solution when more than 50% of the time the patch does not work in production but does in pre-production systems , it is not relatedjust to M$ , I'm not saying that only this exploit I test to check on or versions off, but then i try my types of attacks and see the respone, I have to prove to managment >always< the risk and the amount of effort needed to take. and that is why we are in the security game if everything worked 100% of the time with patches are good setups,we all be out of job and just install from manuals James
Powered by blists - more mailing lists