lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <EKECJMGPAACGOMIGLJJDEEPKDPAA.geoincidents@getinfo.org>
From: geoincidents at getinfo.org (Geo.)
Subject: Re: Second critical mremap() bug found in all Linux kernels

>>Yes but it doesn't mean that we have to deliver tools any script kiddie
can take and go ahead for hacking!<<

I submit to the security industry that this is exactly what is required.
Allow me to explain.

Without worms, virus, and hacking, exactly what reason would the masses of
high bandwidth home machines have to patch? What would motivate the armies
of lazy computer owners to lock their machines down so that the internet is
not at risk of someone using known exploits to build an army of floodbots
and take control of the internet flooding off anyone who opposes them?

It is a very real danger that we have already seen beginning and if security
is not a concern then how do we protect ourselves from this sort of thing
happening?

One solution is report exploits, allow vendors sufficient time to create and
test patches, allow the masses sufficient time to apply those patches, then
release point and shoot exploit code so that the remaining unpatched
machines are now at a very real risk. Provide script kiddie tools that don't
allow control but do allow you to effect just the exploitable box by perhaps
coding them to make it easy to shutdown the box (high annoyance factor but
not perm damage). This provides the motivation to secure the world network
so that the number of exploitable boxes doesn't reach such a level that no
segment is safe.

Digital Darwinism.

Geo.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ