lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BB95477B.6A06%dhoelzer@cyber-defense.org>
From: dhoelzer at cyber-defense.org (David Hoelzer)
Subject: Is Marty Lying?

Dude...  Reading your inane posts helps me to better understand why you feel
that sticking an "A+" cert in your signature will make us think you have a
clue.

On 9/22/03 10:04 AM, "    security snot" <booger@...xclan.net> wrote:

> I just finished reading Phrack 62's article on Sneeze, and some of the
> threads here concerning the matter, and I must admit that I am bothered by
> some of the responses.  There is nothing I hate quite as much as vendors
> who lie to their customers, except perhaps vendors that are too stupid to
> realize what really happened.  I guess Marty assumes that anyone dumb
> enough to buy the hype of signature-based IDS and to think products like
> Snort/OpenSnort have any value as a security mechanism, is going to be too
> stupid to think independantly to arrive to a conclusion to what most
> likely did happen with the Snort.org compromise.
> 
> First, if you look at the output from 'w' (I read a great article by BMcW
> talking about the unix command 'w' being run on the ever-secure
> cvs.openbsd.org by a malicious intruder, thanks Brian!), you'll notice
> that users from the hacked box were logging in to www.sourcefire.com, and
> some nameservers.  The compromise must definately have been limited to
> that single machine!  No intruder would be smart enough to log
> authentication credentials on one hacked machine to get to anther!
> 
> Second, Marty speaks about the machine being "removed" from the rest of
> their network so if it gets compromised, it doesn't actually affect the
> Snort/Sourcefire network's security.  Yet being proactively secure, and
> assuming that a machine si going to get compromised, then logging into
> your corporate network from that machine doesn't seem like a very
> intelligent practice now, does it?  Security is policy based, and these
> dopes can't understand that.
> 
> Some good questions are:
> 1) If the intrusion were limited to a single "shellbox" then why did they
> need to audit the code in CVS to see if it was backdoored?
> 
> 2) If the Snort developers cannot configure Snort to detect attacks on
> their own networks, why are you hiring Sourcefire to install said
> mechanisms on your network to protect you?
> 
> 3) Why the fuck do people still thing signature-based IDS is worthwhile?
> 
> Get a clue, everyone.
> 
> 
> Marty - I look forward to your reply here; we'll follow up with a critique
> of your incoherent coding practices.l
> 
> - snot, the one and only infosec mucas
> 
> -----------------------------------------------------------
> "Whitehat by day, booger at night - I'm the security snot."
> - CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
> -----------------------------------------------------------
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ