Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Full-Disclosure] RE: new internet explorer exploit (was new worm)

from [Drew Copley] Network Security [Permanent Link]
Subject: RE: [Full-Disclosure] RE: new internet explorer exploit (was new worm)
Date: Tue, 30 Mar 2004 10:49:15 -0800 
 


-----Original Message-----
From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu] 
Sent: Monday, March 29, 2004 5:27 PM
To: Drew Copley
Cc: Jelmer; full-disclosure@lists.netsys.com; 
bugtraq@securityfocus.com
Subject: Re: [Full-Disclosure] RE: new internet explorer 
exploit (was new worm) 

On Mon, 29 Mar 2004 17:14:12 PST, Drew Copley said:

 



Has anybody offered the Microsoft dude who denied the 
existence of 0-days
some ketchup for his fried crow? ;)


I do not recall this quote. Such a quote would be patently 

untrue even

from the viewpoint of legitimate researchers that have open 

bugs with

them. Such bugs are "zero day", though the vendor may be 

aware of them. 

http://news.bbc.co.uk/1/hi/technology/3485972.stm

Sad part was that the CTO for their security business and 
technology unit.

And yes, he was widely derided for it.



I missed this one!

I am generally cynical of "black hat" claims. (But, then again, what
real "black hat" is going to make any claim at all? You think these
Russian guys stealing credit cards are making claims? Or, whoever the
guilty party is?) [Not that criminals don't find an overwhelming need to
brag about their efforts...]

However, you can not prove a negative. You should not need anyone to
tell you that, but if you try and seek the truth in all things -- you
would come across this problem so often you would remember it. 

And, in security, you should never think "all is safe" or even worse,
"there can never be a problem". 

In this man's case... this just downright scares me. The webdav exploit
was huge, and it should have been scary. Why on earth would people not
be alarmed at it?

But, the very understanding of the security community should show
everyone that it is and has been steadily growing all along. The
knowledge is growing. These things are inevitable.

I think we can also reason that these security bugs will be used. Look
at the spyware field and these recent bank/cc stealing worms. Look at
all of the wild political causes out there. You could hardly have a
hotter pot to boil.

**Last note: "hackers" are not "black hats". I hate the whole idea of
people being classified as "good or evil" in that sense. That is not the
way the word has been used within the development field, within the
administration field, nor within the security community. I do not think
a single bug finder out there wears a suit and tie to work. By their
very nature they are unconventional thinkers.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] Re: systrace silently patches full local bypass vulnerability on Linux, marius aamodt eriksen
Next by Date:  [Full-Disclosure] RE: new internet explorer exploit (was new worm), Drew Copley
Previous by Thread:  Re: [Full-Disclosure] RE: new internet explorer exploit (was new worm), Valdis . Kletnieks
Next by Thread:  [Full-Disclosure] Re: Re: Re: Your document, illectro2001
Indexes:  [Date] [Thread] [Top] [All Lists]