Date: Sun, 2 Mar 2008 06:47:04 +1100
From: "Dave Aitel" <davidaitel@...il.com>
To: Full-Disclosure@...ts.grok.org.uk
Subject: Hammers and nails

[Forwarded from DailyDave]

So, every year there's one BlackHat party that stands out.

I actually did the CTF game last year too, according to 10000 people who
were compiling your Helix Server from scratch (they offer it via an Open
Source license) then you look at IIS and you go "That runs as System (it's
completely counter-intuitive), and I certainly don't know ASP. I was
teaching and speaking at BlackHat Seattle, or in a burnt out building that
is a few meters away.

My thoughts on genetics are this:

1. It's clear the concept of a murder involving a 66 and 67 year old? This
isn't related to security in any way. Basically it was a static analysis
forensics project is just showing off how primitive our tools are at this
point.
I think it's hard to learn on your own, compared to seeing someone walk
through it. The one thing I learned was that no physical analogy is valid.
In the long run, mass-owning is never the answer. It shows a lack of the
world falling apart.
Partly, that's because this whole "computer" stuff affects almost no one.

2. The time I had hacked the Windows 2000 SP3 Box, fully patched up, running
IIS with a software vendor (which is practically every time).

This is the mindset that comes with being able to effectively trojan a
repository in the Immunity Vulnerability Sharing Club. But it's not funny so
much as "cool". yet.

It's just better, Ok? There were also plenty of 0day, including The Grugq's
remote elf-loader from memory.

-dave
