
| Subject: | RE: Local versus remote security holes |
|---|---|
| Date: | Wed, 22 Dec 2004 15:59:12 -0500 |
-----Original Message-----
From: Adam Shostack [mailto:adam@homeport.org]
There is a rough standard for what local and remote mean. The standard may not be as precise as you'd like. Using old terms with new definitions doesn't advance the debate, it generates confusion. This is especially the case when you haven't rigorously defined the proposed new meanings of the terms.
I think all this conversation is doing is showing that the terms 'local' and 'remote' are vague and maybe not terribly useful anymore.
I've long advocated 'credentialed' to refer to attacks where a user of the system can execute the attack, and 'anonymous' or 'non-credentialed' to refer to attacks on servers, such as httpd, ftpd, or named. These attacks can be launched by anyone, from anywhere (barring interference from firewalls or the like).
That'd be a good start. In most cases what people really want to know when they look at 'remote' or 'local' attacks is whether any random person on the Internet can execute the attack, or whether they only have to worry about their own users. This is especially true at small sites where if a local user acts up, the sysadmin can just go dope slap them. ;) I take it under your system, the NASM vulnerability would be considered "credentialed"?