Message-ID: <01ad01c5c409$00aacaf0$0100a8c0@nuclearwinter>
Date: Wed Sep 28 12:42:27 2005
From: sk at groundzero-security.com (sk)
Subject: CORE-Impact license bypass

>what i criticize is that *lots* of companies (at least here in my
>vicinity) are selling cheap "vulnerability assessments" which actually
>are nothing more than automated security scans. this leads to the
>customer feeling safe when he's really wide open to attacks. often,
>these people's networks can be rooted in no time.
>sure, you don't have to be uber-31337 to do penetration tests (i'm
>certainly not), but it should definitely go beyond the
>"scan--+--google-for-exploit" approach.

i totally agree on that. another thing i have to say is that you can sell
your auto penetration tests, but those which advertise with *professional*
pen-tests should actually know how to exploit a bug and understand the
concept and not just run an automated tool, as that's simply a rip-off of
the customer.
too many of those consultants just do the bullshit talking to convince the
customer to keep buying their services. they don't need to know much..
and certainly don't. every real professional can't do his job without
manual work.
that includes auditing custom php/cgi scripts which were written
specifically for the target system, for example, and such things won't be
spotted by the automated tools. this could lead to undetected command
execution, sql injection or info leak bugs on the customer's system, which
a hacker will easily spot if he does his usual manual work. so a pen test
is way more reliable and professional if it's done with real hacking, or
do you think real hackers only use automated tools?
script kiddies do, but those are unprofessional clueless kids and it's the
same compared to penetration tests. real pen testers know how to hack a
system and lame ones just run automated tools.

-sk

GroundZero Security Research and Software Development
http://www.groundzero-security.com

We object to the use or transmission of our data for advertising purposes
or for market or opinion research (§ 28 para. 4 BDSG).

pub  1024D/69928CB8 2004-09-27 Stefan Klaas <sk@...undzero-security.com>
sub  2048g/2A3C7800 2004-09-27

Key fingerprint = A93E 41F8 7E82 5F2C 3E76  41F1 4BCF 3096 6992 8CB8


This e-mail may contain confidential information. If you are not the
intended recipient or have received this e-mail in error, please inform
the sender immediately and destroy this e-mail. Unauthorised copying or
forwarding of this e-mail or of parts of this e-mail is not permitted.

This E-mail might contain confidential information. If you are not the right
addressee or you have received this Mail in error, please inform the Sender
as soon as possible and delete this E-Mail immediately. You are not allowed
to make any copies or relay this E-Mail.

----- Original Message ----- 
From: "Bernhard Mueller" <research@...-consult.com>
To: "Full Disclosure" <full-disclosure@...ts.grok.org.uk>
Sent: Wednesday, September 28, 2005 8:58 AM
Subject: Re: [Full-disclosure] CORE-Impact license bypass


> Valdis.Kletnieks@...edu wrote:
> > On Tue, 27 Sep 2005 17:53:58 +0200, Bernhard Mueller said:
> >
> > And note also that "finding a hole" and "be talented enough to create an
> > exploit" are *totally* distinct.  I found a rather nasty rootable hole in
> > Sendmail a while back (read the release notes for 8.10.1 and the relevant
> > manpages for the system linker - that gives enough info to figure out what the
> > bug was). Never did create a working exploit for it - I fooled with it for an
> > afternoon and only got as far as proving that if somebody were to spend more
> > than an afternoon on it, they *could* produce a working exploit.
> >
>
> i agree with this. it's often much easier to find a bug than to exploit
> it (see strange heap overflows and the like), and i also don't have the
> time to spend days on disassembling and looking for attack vectors (and
> i'm sure that other people will have more fun doing just that).
> what i criticize is that *lots* of companies (at least here in my
> vicinity) are selling cheap "vulnerability assessments" which actually
> are nothing more than automated security scans. this leads to the
> customer feeling safe when he's really wide open to attacks. often,
> these people's networks can be rooted in no time.
> sure, you don't have to be uber-31337 to do penetration tests (i'm
> certainly not), but it should definitely go beyond the
> "scan--+--google-for-exploit" approach.
>
> regards,
>
> -- 
> _____________________________________________________
>
> ~  DI (FH) Bernhard Mueller
> ~  IT Security Consultant
>
> ~  SEC-Consult Unternehmensberatung GmbH
> ~  www.sec-consult.com
>
> ~  A-1080 Wien  Blindengasse 3
> ~  Tel:   +43/676/840301718
> ~  Fax:   +43/(0)1/4090307-590
> ______________________________________________________
