| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.50.0509271807270.30910-100000@kegger.national-security.net> Date: Wed Sep 28 02:37:54 2005 From: fd at ew.nsci.us (fd@...nsci.us) Subject: CORE-Impact license bypass On Tue, 27 Sep 2005, Bernhard Mueller wrote: > Exibar wrote: > > I didn't mean to imply that the consultants create their own exploits, > > not many I know could even begin to do that, only a couple are talented > > enough to do just that. Even for those very few, it's just not feasable > > from a time perspective. Much quick and cost effective to use what's out > > there. > > > > so what use is a pentest if the consultant isn't even talented enough to > find / create exploits for unknown vulnerabilities? > any average admin can install and run an automatic security scanner. > furthermore, a common nessus report contains 99% useless garbage. and > most of the time, you can not apply generic exploits like these from > metasploit to a specific customer situation. It should also be noted that many security flaws in Customer networks are in design and therefore implementation. The real issue comes down to client-side security. Most pentests are are trivial after an attack from Eve, even if the first person she emails in the organization sees through it ... X-From: Eve From: Bob Hi Alice! Can you get me a quote for the parts we need in the attached spreadsheet? Thank you! -Bob <<Attachment:parts.xls.exe>> --Eric
Powered by blists - more mailing lists