Valdis.Kletnieks@vt.edu wrote:
On Tue, 27 Sep 2005 17:53:58 +0200, Bernhard Mueller said:
And note also that "finding a hole" and "be talented enough to create an
exploit" are *totally* distinct. I found a rather nasty rootable hole in
Sendmail a while back (read the release notes for 8.10.1 and the relevant
manpages for the system linker - that gives enough info to figure out what the
bug was). Never did create a working exploit for it - I fooled with it for an
afternoon and only got as far as proving that if somebody were to spend more
than an afternoon on it, they *could* produce a working exploit.
i agree with this. it's often much easier to find a bug than to exploit
it (see strange heap overflows and the like), and i also don't have the
time to spend days on disassembling and looking for attack vectors (and
i'm sure that other people will have more fun doing just that).
what i criticize is that *lots* of companies (at least here in my
vicinity) are selling cheap "vulnerability assessments" which actually
are nothing more than automated security scans. this leads to the
customer feeling safe when he's really wide open to attacks. often,
these people's networks can be rooted in no time.
sure, you don't have to be uber-31337 to do penetration tests (i'm
certainly not), but it should definitely go beyond the
"scan--+--google-for-exploit" approach.
regards,
--
_____________________________________________________
~ DI (FH) Bernhard Mueller
~ IT Security Consultant
~ SEC-Consult Unternehmensberatung GmbH
~ www.sec-consult.com
~ A-1080 Wien Blindengasse 3
~ Tel: +43/676/840301718
~ Fax: +43/(0)1/4090307-590
______________________________________________________
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
