Dailydave mailing list archives
Re: The long tail of vulnerable operating systems
From: "Weston, David G." <DAVID.G.WESTON () saic com>
Date: Wed, 14 Nov 2007 13:57:35 -0800
I agree with Dave that a CTF event with 2k, rh7, etc... is rather silly. That type of deployment is just fine when you're training newb pen testers or demonstrating concepts. But, isn't the point of having a CTF at a conference to make it a competition/showcase? I know I personally consider qualifying for a Kenshoto-run CTF like Defcon a huge statement about the skill of the participants, and it creates a reputation for the competition itself.

I always thought a nice challenge would be to deploy known exploitable services on boxes with ASLR, N^X, heap and stack canaries, etc... It takes a fair bit of skill to implement new protection bypass techniques to old exploits in a CTF environment/timeframe.

We can all enjoy a game of basketball in the park but we *pay* to watch the Knicks (well we used to anyway!)

Thanks,
David Weston
Security Engineer
SAIC

-----Original Message-----
From: dailydave-bounces () lists immunitysec com on behalf of Katie M
Sent: Mon 11/12/2007 9:57 AM
To: Dave aitel
Cc: Dailydave () lists immunitysec com
Subject: Re: [Dailydave] The long tail of vulnerable operating systems

Hey Dave,

Lots of places have older OSes deployed, perhaps only internally as you mentioned, but companies are rife with them, and sometimes closer to the perimeter than you'd expect.

On a consulting engagement, I met a Fortune 50 company that had a massive internal deployment of Windows 98 (yeah, I know, weird but here's why) because they had some biz critical crapplication that nearly everyone needed to use that would only run on Win98. I told them to hire some developers or interns or somebody, anybody, to rewrite the thing from scratch. :-)

Of course they and all those other places that run old OSes *should* welcome themselves into this millennium's operating systems -- we all agree there. No need to start arguing the obvious. But the point is that more than enough orgs (won't or) don't have the resources to upgrade (or to update) due to app compatibility.

That's the reality and the reason why attacking older OSes at a CTF-like event is still pertinent and practical.

My 0.01 pence.

-Katie

On Nov 12, 2007 3:03 AM, Dave aitel <dave () immunityinc com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So every CTF I've played recently (like the one at CSI last week) has a target set of Windows 2000 and extremely old Linux (say, RedHat 8). I'm pretty sure that on any modern network you don't find a whole lot of either of these. There's always the people who still run NT4 and SCO OpenServer, but you have to look pretty far for them.

But yet, no real remote exploits exist for Fedora Core 1, much less 7. Solaris has XFS and a few other remotes, but no one runs Solaris any more except the US Government, that I can tell. Even assuming you see some Solaris or AIX or whatever, you end up being so deep in the network already to find it that you've already got all the passwords and don't need exploits.

But old operating systems will continue to live forever in CTF, I assume.

Sort of as a sign of the times, while I was playing CTF on the Windows machine provided, I browsed the web briefly and my machine was immediately taken over by some really annoying spyware. So for the rest of the game I got to spend a lot of time clicking "close" on IE windows that kept popping up.

Anyways, if you want to chat about it or grieve the pain of lost 0day, and you live in London then you should come to Immunity Pub Night In London Saturday Nov 24 at 6pm at the Prince Arthur 80-82 Eversholt Street. I'll put 200 quid on the bar to help you drown your sorrows. RSVP to admin () immunityinc com!

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHODL5tehAhL0gheoRAr/lAJ0R5KiL+pV4rRfa40rG5jXFhV/cXQCfXXYe
P1VlnlQE5Uf6rDxcS2Pn0Zc=
=aU96
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave