Firewall Wizards mailing list archives
Re: Extreme Hacking
From: "Ge' Weijers" <ge () progressive-systems com>
Date: Wed, 7 Jul 1999 14:40:47 -0400
On Wed, Jul 07, 1999 at 11:40:14AM -0400, Marcus J. Ranum wrote:
> Ge' Weijers wrote:
> > On the other hand: those who need to develop security-related code, protocols etc. do need to have an awareness of common exploits.
>
> Yes, and no. They need to know classes of bugs to avoid, and categories of common mistakes. For example, if you're developing security critical code you need to know what buffer overruns are and how to prevent them -- you do not need an exploit script that tickles a bug in the latest version of BIND.

I've used exploit programs to test my company's products before, and I probably will again. Descriptions of problems are not always enough to reconstruct _exactly_ what's going on in an exploit. A program (fragment) is often the most concise description of an exploit.

I agree that we don't need to make things too easy for the script kiddies.

Ge'

--
-
Ge' Weijers                          Voice: (614)326 4600
Progressive Systems, Inc.            FAX: (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220