Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your n

from [Michal Zalewski] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?
Date: Tue, 13 Feb 2007 20:36:20 +0100 (CET) 
On Tue, 13 Feb 2007, Gadi Evron wrote:


I have to agree with a previous poster and suspect (only suspect) it
could somehow be a backdoor rather than a bug.


You're attributing malice to what could be equally well (or better!)
explained by incompetence or gross negligence. The latter two haunt large
companies far more often, compared to sinister conspiracies.

Yeah, a backdoor is a remote possibility. But it's also an arbitrary and
needlessly complex one. Maybe it's a nefarious plot by our UFO-appointed
shadow government, but chances are, it's not (they have better things to
do today).

Keep that in mind: when risking so much, of all the places to put a covert
backdoor to use for years to come, pulling out a known flaw that will be
spotted by many existing vulnerability scanners, and putting it in a
service that is often disabled as obsolete and generally unreachable from
the outside world, doesn't really make that much sense.

Unless, of course, it's a sabotage attempt orchestrated by a joint team of
IBM and SCO developers... now, that begins to make sense..

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Solaris telnet vulnberability - how many on your network?, Gadi Evron
Next by Date:  Re: DotClear Full Path Disclosure Vulnerability, Cedric Blancher
Previous by Thread:  RE: Solaris telnet vulnberability - how many on your network?, Gadi Evron
Next by Thread:  Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?, Gadi Evron
Indexes:  [Date] [Thread] [Top] [All Lists]