Full Disclosure mailing list archives
Re: no more public exploits
From: gcb33 () dial pipex com
Date: Wed, 28 Apr 2004 15:06:25 +0100
To All,

Well, I work in this field, so my .00000001 cents' worth.

I use a lot of Host IDS installations across diverse systems. These exploits that come out are a good test to see how well the system reacts; one never trusts a vendor, no matter how much hard sell. Now I've tested many exploits against different types of host-based IDS out there in my pre-production systems to see the reaction.

Some don't: 'please restart after 60 seconds' pop-up shown.
Some do trap the exploit: no apparent effect, a message on the console logs shows that it has trapped the event.
Others stop the exploit, no logs shown, but cause issues with IIS SSL connectivity not working some time later.

Now this is an interesting case: did the HIDS stop the exploit, was there some other mitigating issue at the time that was related to the exploit?

There was a very good comment earlier about patching: patches always break products. It is never the underlying OS that is the issue; generally, in most cases, it is always the vendor product on top that has the issue. I'm not talking about simple web sites, I'm talking about the sites that deal in +9 figure dollar transfers daily; shut down the site for 48 hours to do a full acceptance testing. I'd rather have the exploit released to test than given to a select couple of guys on the internet to play around with whilst the majority of people are in the dark.

Me personally, I continually try to break into my systems; even with patches, the response of the system can and is when it is under load than in laboratory conditions.

The real issue with the exploits really is the major vendors not producing clean code. From a security point, Linux, MS, Sun, IBM are all the same, even mainframes if you want to go that far.

I love to patch the hell out of machines to 100%, but have to mitigate the risk always with more than one solution when more than 50% of the time the patch does not work in production but does in pre-production systems. It is not related just to M$. I'm not saying that only this exploit I test to check on or versions of, but then I try my types of attacks and see the response. I have to prove to management >always< the risk and the amount of effort needed to take. And that is why we are in the security game: if everything worked 100% of the time with patches or good setups, we'd all be out of a job and just install from manuals.

James

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html