Dailydave mailing list archives
Re: Hahahaha
From: Bas Alberts <bas.alberts () immunitysec com>
Date: Tue, 2 Aug 2005 02:23:49 -0400
Hahahaha...'hacker ninjas known as the schmoo group'.. potkettle industries :D Schmoo, pot, kettle. Very Alanis. What I find even more ironic is that this is coming from Brian Caswell @ snort.org. *remembers a time when you'd prepend your exploits with tcp reass fun to conveniently drop root on any snort on the net* Oh how I love moral-outrage inspired endeavours, especially when organised by prissy whitehats who adhere to encyclopedia definitions of 'hacking' and 'hackers'. Ofcourse in light of our own policies, I advise the Schmoo group people to not kill the CANVAS remote, but instead put it to good use. Maybe provide it to Immunity under NDA, and we'll put it in as an exploit. Circle of life and such. Also, considering the entire MOSDEF protocol is one big remote I'll flag this issue as 'pending'. For the record: critical infrastructure, attack paradigm, threat management. Just wanted to get that out of the way. - hints for future audits: look at the horrible way we do integer math in the MOSDEF asm stubs. We're well aware, but considering it's a 'read code, execute code' protocol... yano? :) Anyhoo good luck hacking the hackers. Who knows, maybe I'll come out and play too. http://www.schmoo.com/members.html right? :) Love, Bas On Tue, Aug 02, 2005 at 01:28:48AM -0400, Dave Aitel wrote:
http://www.securityfocus.com/bid/14446/info Immunity CANVAS Unspecified Remote Vulnerability *Advisories:* *References:* * CANVAS Home Page <http://www.immunitysec.com/products-canvas.shtml> (Immunity Inc.) * DefCon Day 2: Patching Your Hacker Toolkit <http://blogs.washingtonpost.com/securityfix/2005/07/patching_your_e.html> (Washington Post) -dave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Hahahaha Dave Aitel (Aug 01)
- Re: Hahahaha H D Moore (Aug 01)
- Re: Hahahaha H D Moore (Aug 01)
- Re: Hahahaha Blue Boar (Aug 01)
- Re: Hahahaha Bas Alberts (Aug 01)
- Re: Hahahaha Bas Alberts (Aug 01)
- Message not available
- Re: Hahahaha Bas Alberts (Aug 02)
- Re: Hahahaha Bas Alberts (Aug 01)
- Re: Hahahaha H D Moore (Aug 01)
- Re: Hahahaha security curmudgeon (Aug 08)
- Re: Hahahaha H D Moore (Aug 08)