| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: geoincidents at getinfo.org (Geo.) Subject: Re: Second critical mremap() bug found in all Linux kernels >>Yes but it doesn't mean that we have to deliver tools any script kiddie can take and go ahead for hacking!<< I submit to the security industry that this is exactly what is required. Allow me to explain. Without worms, virus, and hacking, exactly what reason would the masses of high bandwidth home machines have to patch? What would motivate the armies of lazy computer owners to lock their machines down so that the internet is not at risk of someone using known exploits to build an army of floodbots and take control of the internet flooding off anyone who opposes them? It is a very real danger that we have already seen beginning and if security is not a concern then how do we protect ourselves from this sort of thing happening? One solution is report exploits, allow vendors sufficient time to create and test patches, allow the masses sufficient time to apply those patches, then release point and shoot exploit code so that the remaining unpatched machines are now at a very real risk. Provide script kiddie tools that don't allow control but do allow you to effect just the exploitable box by perhaps coding them to make it easy to shutdown the box (high annoyance factor but not perm damage). This provides the motivation to secure the world network so that the number of exploitable boxes doesn't reach such a level that no segment is safe. Digital Darwinism. Geo.
Powered by blists - more mailing lists