lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <433A3F2A.4070104@sec-consult.com>
Date: Wed Sep 28 08:02:11 2005
From: research at sec-consult.com (Bernhard Mueller)
Subject: CORE-Impact license bypass

Valdis.Kletnieks@...edu wrote:
> On Tue, 27 Sep 2005 17:53:58 +0200, Bernhard Mueller said:
> 
> And note also that "finding a hole" and "be talented enough to create an
> exploit" are *totally* distinct.  I found a rather nasty rootable hole in
> Sendmail a while back (read the release notes for 8.10.1 and the relevant
> manpages for the system linker - that gives enough info to figure out what the
> bug was). Never did create a working exploit for it - I fooled with it for an
> afternoon and only got as far as proving that if somebody were to spend more
> than an afternoon on it, they *could* produce a working exploit.
> 

i agree with this. it's often much easier to find a bug than to exploit
it (see strange heap overflows and the like), and i also don't have the
time to spend days on disassembling and looking for attack vectors (and
i'm sure that other people will have more fun doing just that).
what i criticize is that *lots* of companies (at least here in my
vicinity) are selling cheap "vulnerability assessments" which actually
are nothing more than automated security scans. this leads to the
customer feeling safe when he's really wide open to attacks. often,
these people's networks can be rooted in no time.
sure, you don't have to be uber-31337 to do penetration tests (i'm
certainly not), but it should definitely go beyond the
"scan--+--google-for-exploit" approach.

regards,

-- 
_____________________________________________________

~  DI (FH) Bernhard Mueller
~  IT Security Consultant

~  SEC-Consult Unternehmensberatung GmbH
~  www.sec-consult.com

~  A-1080 Wien  Blindengasse 3
~  Tel:   +43/676/840301718
~  Fax:   +43/(0)1/4090307-590
______________________________________________________

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ