lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20020908122522.GA2437@elvander.otherlands.net>
From: Azerail at supersecretninjaskills.com (Azerail)
Subject: remote kernel exploits?

My thoughts in-line...

On Sun, 08 Sep 2002, andy_mn@...hmail.com wrote:

> - - I have not seen any incident reports on Incidents, or any other
> mailing list for that matter.

If it's a private exploit, in the hands of one or two people, there
may be a vested interest in not reporting it.

> - - You'd think several high profile sites would've been attacked already
> with such devastating exploits, but I've seen no reports of this. In
> fact, if the kids really did have such an exploit, you'd think they'd
> tag their h4ndl3z all over high profile sites. But according to Alldas,
> high profile defacements have been virtually nonexistent in the last
> year or so.

Not if they are being sneaky and lying low.  A wise decision given
today's political climate.

> - - Given the skill required to craft such an exploit, I'd think it
> would be way out of the grasp of the kids. Since no researcher has
> come forth with such a vulnerability, it's logical to conclude that
> this does not exist.

Not everyone who crafts an exploit is neccessarly a researcher or a
kid.

Anyway, just my thoughts, no basis whatsoever, just based on the
availible information.

Azerail

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ