Bugtraq mailing list archives
Re: Re: Re: Solaris telnet vulnberability - how many on your network?
From: thefinn12345 () gmail com
Date: 16 Feb 2007 03:23:35 -0000
I believe in the early 90's there was a serious problem discovered in intel chips that allowed certain standard code to be run to overflow programs arbitrarily and gain access to operating systems in an administrative capacity. Also I remember the redhat (back in the day) repository being hacked and backdoored versions of programs being put into it. I believe this also happened to an early version of debian or fedora at some point also. But I think you miss the point. When they aren't preparing for security problems, the job of most security professionals is to observe and react to these kinds of security problems. The observer will exploit anything you are lax on. Discarding a security concern because it doesn't seem important or of value to you is kinda stupid, you should probably go find some other kind of work. Everything is important, everything should be examined when and if possible. Thus the thread certainly has merit. It really makes me giddy when I see posts by trolls saying that security through obscurity isn't really important, or that examining a possible act of malice WITHIN one of the companies that is giving you software is not really an important factor. Even if it isn't an act of malice BY THEM, perhaps they have been hacked at the very top levels of their software storage or their source code itself. Perhaps something has gone wrong (what? no, couldn't be?). Dismissing it is as stupid as dismissing the possibility that running some unnamed, unknown executable on your windows box isn't a problem. Scarey stuff. The job is to be paranoid. Not to be dismissive of those who ARE. TheFinn.
Current thread:
- RE: [Full-disclosure] Solaris telnet vulnberability - how many onyour network?, (continued)
- RE: [Full-disclosure] Solaris telnet vulnberability - how many onyour network? David Taylor (Feb 14)
- Re: Solaris telnet vulnberability - how many on your network? Darren Reed (Feb 15)
- Re: Solaris telnet vulnberability - how many on your network? Leandro Gelasi (Feb 14)
- Re: Solaris telnet vulnberability - how many on your network? thefinn12345 (Feb 15)
- Re: Re: Solaris telnet vulnberability - how many on your network? thefinn12345 (Feb 15)
- RE: Re: Solaris telnet vulnberability - how many on your network? Roger A. Grimes (Feb 15)
- Re: Re: Solaris telnet vulnberability - how many on your network? jf (Feb 15)
- Re: Re: Solaris telnet vulnberability - how many on your network? Hugo van der Kooij (Feb 16)
- RE: Re: Re: Solaris telnet vulnberability - how many on your network? jf (Feb 16)
- Re: RE: Re: Solaris telnet vulnberability - how many on your network? thefinn12345 (Feb 16)
- Re: Re: Re: Solaris telnet vulnberability - how many on your network? thefinn12345 (Feb 16)
- Re: Re: Re: Solaris telnet vulnberability - how many on your network? jf (Feb 16)
- Re: Solaris telnet vulnberability - how many on your network? Anthony R. Nemmer (Feb 16)
- Re: Solaris telnet vulnberability - how many on your network? greimer (Feb 16)
- Re: Solaris telnet vulnberability - how many on your network? Darren Reed (Feb 16)
- Re: Solaris telnet vulnberability - how many on your network? Nate Eldredge (Feb 17)
- RE: Solaris telnet vulnberability - how many on your network? Michael Wojcik (Feb 20)
- RE: Solaris telnet vulnberability - how many on your network? Nate Eldredge (Feb 20)
- Re: Solaris telnet vulnberability - how many on your network? Edsel Adap (Feb 21)
- Re: Re: Re: Solaris telnet vulnberability - how many on your network? jf (Feb 16)
- Re: Solaris telnet vulnberability - how many on your network? Cromar Scott (Feb 17)