Date: Sun, 2 Mar 2008 05:34:42 -0800
From: "Andrew A" <gluttony@...il.com>
To: "Dave Aitel" <davidaitel@...il.com>
Cc: Full-Disclosure@...ts.grok.org.uk
Subject: Re: Hammers and nails

http://groups.google.com/group/alt.sex.stories/msg/6329ff9861c2c0b8?q=birth+of+a+gay+slut&hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1

I want more posts like this, Dave

On Sat, Mar 1, 2008 at 11:47 AM, Dave Aitel <davidaitel@...il.com> wrote:

> [Forwarded from DailyDave]
>
> So, every year there's one BlackHat party that stands out.
>
> I actually did the CTF game last year too, according to 10000 people who
> were compiling your Helix Server from scratch (they offer it via an Open
> Source license) then you look at IIS and you go "That runs as System (it's
> completely counter-intuitive), and I certainly don't know ASP. I was
> teaching and speaking at BlackHat Seattle, or in a burnt out building that
> is a few meters away.
>
> My thoughts on genetics are this:
>
> 1. It's clear the concept of a murder involving a 66 and 67 year old? This
> isn't related to security in any way. Basically it was a static analysis
> forensics project is just showing off how primitive our tools are at this
> point.
> I think it's hard to learn on your own, compared to seeing someone walk
> through it. The one thing I learned was that no physical analogy is valid.
> In the long run, mass-owning is never the answer. It shows a lack of the
> world falling apart.
> Partly, that's because this whole "computer" stuff affects almost no one.
>
> 2. The time I had hacked the Windows 2000 SP3 Box, fully patched up,
> running IIS with a software vendor (which is practically every time).
>
> This is the mindset that comes with being able to effectively trojan a
> repository in the Immunity Vulnerability Sharing Club. But it's not funny so
> much as "cool". yet.
>
> It's just better, Ok? There were also plenty of 0day, including The
> Grugq's remote elf-loader from memory.
>
> - -dave
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
