[EMAIL PROTECTED] wrote: > On Tue, 27 Sep 2005 17:53:58 +0200, Bernhard Mueller said: > > And note also that "finding a hole" and "be talented enough to create an > exploit" are *totally* distinct. I found a rather nasty rootable hole in > Sendmail a while back (read the release notes for 8.10.1 and the relevant > manpages for the system linker - that gives enough info to figure out what the > bug was). Never did create a working exploit for it - I fooled with it for an > afternoon and only got as far as proving that if somebody were to spend more > than an afternoon on it, they *could* produce a working exploit. >
i agree with this. it's often much easier to find a bug than to exploit it (see strange heap overflows and the like), and i also don't have the time to spend days on disassembling and looking for attack vectors (and i'm sure that other people will have more fun doing just that). what i criticize is that *lots* of companies (at least here in my vicinity) are selling cheap "vulnerability assessments" which actually are nothing more than automated security scans. this leads to the customer feeling safe when he's really wide open to attacks. often, these people's networks can be rooted in no time. sure, you don't have to be uber-31337 to do penetration tests (i'm certainly not), but it should definitely go beyond the "scan--+--google-for-exploit" approach. regards, -- _____________________________________________________ ~ DI (FH) Bernhard Mueller ~ IT Security Consultant ~ SEC-Consult Unternehmensberatung GmbH ~ www.sec-consult.com ~ A-1080 Wien Blindengasse 3 ~ Tel: +43/676/840301718 ~ Fax: +43/(0)1/4090307-590 ______________________________________________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
