lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20030923144721.GB1563@dreams.soze.net>
From: justin-fulldisclosure at soze.net (Justin)
Subject: Is Marty Lying?

Florin Andrei (2003-09-22 23:25Z) wrote:

> On Mon, 2003-09-22 at 14:13, security snot wrote:
> > "Detect intrusions" - if you can set an IDS signature for something, then
> > you shouldn't be vulnerable to it.  So the functionality of IDS is to tell
> > you when you've been compromised by six-month old public vulnerabilities
> > that dvdman has finally gotten his hands on an exploit for, that you never
> > bothered to patch for?
> 
> True, in an ideal world.
> However, in the _real_ one, things are slightly different. Especially on
> large networks (> thousands of systems), funny things start to happen.

Not even true in the ideal world.  You can add IDS sigs for symptoms of
breakins (e.g. shellcode) rather than vuln-specific signatures.  But
perhaps security snot has some magical cure for every possible
unidentified remote security flaw?

-- 
No man is clever enough to          Times are bad.  Children no longer
know all the evil he does.          obey their parents, and everyone
-Francois de la Rochefoucauld       is writing a book.  -Cicero


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ