Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] New term "RDV" is born

from [J. Oquendo] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] New term "RDV" is born
Date: Fri, 28 Sep 2007 13:34:11 -0400 
Valdis.Kletnieks@vt.edu wrote:


Two months is still recently. Think about "In recent history we invaded
Iraq", "In recent times terrorism has become more prominent".


The real problem here is that "0-day" originally meant "previously

undisclosed

vulnerability/exploit".  The term lost its usefulness when all the hacker
wannabe's started posting "I found a 0-day", when what they really had was
a "*yawn*-we've-been-waiting-18-months-for-vendor-to-fix-day".


Which reminds me, I recently found a vulnerability on all open source
based systems. Seems like whenever there is a program called sudo
installed on the machine - any user can run a command with root
privileges on that machine if sudo is properly configured to allow the
user to do so.

#!/bin/sh
# sudUmb

echo pwnd
sudo shutdown now

# insert one million shout outs to etards here


====================================================
J. Oquendo
"Excusatio non petita, accusatio manifesta"

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
sil . infiltrated @ net http://www.infiltrated.net

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] .NET REMOTING on port 31337, Simon Smith
Next by Date:  Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug [FIB FOUND/CONFIRMED], Larry Seltzer
Previous by Thread:  Re: [Full-disclosure] New term "RDV" is born, Jimby Sharp
Next by Thread:  Re: [Full-disclosure] New term "RDV" is born, nocfed
Indexes:  [Date] [Thread] [Top] [All Lists]