lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: gcb33 at dial.pipex.com (gcb33@...l.pipex.com)
Subject: no more public exploits

To All,

Well I work in this field so my .00000001 cents worth I use s alot of Host IDS
installation across diverse systems these exploits that come out are a good test
to see how well the system reacts one never trusts a vendor no matter how much
hard sell.

now i've tested many exploits against different types of Host based IDS out
their in my pre-production systems to see the reaction.

Some don't 'please restart after 60 seconds pop shown' 

Some do trap the exploit no apparent effect message on the console logs shows
that it has trapped the event

Other's stop the exploit no logs shown but causes issues with IIS SSL
connectivity not working some time later. Now this is an interesting case did
the HIDS stop the exploit, was their some other mitigating issue at the time
that was related in the exploit.

There was a very good comment early about patching, patch's always breaks
products it never the underling OS that is the issues generaly in most cases it
is always the vendor product on top that has the issue.I'm not talking about
simple web sites, I'm talking about the sites that deal in +9 figure dollar
transfers daily, shut down the site for 48 hours to do a fall acceptance
testing, I I rather have the exploit released to test than given to a select
couple of guys on the internet to play around with whilst the marjority of
people are in the dark. Me personally i continuely try to break into my systems,
even with patches the response of the system can and is when it is under load
then in labatory conditions. The real issue with the exploits really is the
major vendors not production clean code, from security point Linux, MS , Sun,
IBM are all the same, even mainframes if you want to that far.

I love to patch the hell out of machines to 100% but have to mitigate the risk
always with more than one solution when more than 50% of the time the patch does
not work in production but does in pre-production systems , it is not
relatedjust to M$ , I'm not saying that only this exploit I test to check on or
versions off, but then i try my types of attacks and see the respone, 

I have to prove to managment >always< the risk and the amount of effort needed
to take. and that is why we are in the security game if everything worked 100%
of the time with patches are good setups,we all be out of job and just install
from manuals

James


Powered by blists - more mailing lists