Bugtraq mailing list archives
Re: underestimating crackers
From: jbash () CISCO COM (John Bashinski)
Date: Thu, 2 Oct 1997 21:00:16 -0700
Cisco is not aware of these vulnerabilities having been exploited by "system crackers", nor of any publicly available exploitation code. Cisco does not believe that the details of the vulnerabilities are widely understood in the cracker community. The theoretical possibility of these vulnerabilities has, however, been discussed fairly openly among PPP security professionals.
Since I wrote that text, I think I can comment on it...
I hope these beliefs that the cracking community is somehow technically inept and incapable of keeping up with the literature and overcoming simple obstacles are not widespread.
I am not operating under the illusion that the people who write the exploits for these things are stupid. That text was based on the fact that we've had absolutely no reports of anybody actually exploiting that vulnerability. Not one.

I'm not dumb enough to try to say that it's never been exploited. It may have been, and it may not have been. However, if a lot of people knew how to do it, I'd expect it to happen often enough that somebody would eventually notice it and report it.

There are relatively few crackers who actually write their own code, and there are lots of security holes. The "literature" to which you refer is very large. I don't have to think they're incompetent to think that they probably haven't discovered this hole yet. I just think they're busy with other things.

-- John B.