Full Disclosure mailing list archives

Re: credibility (was 'more security people')


From: "Jeremiah Cornelius" <jeremiah () nur net>
Date: Wed, 4 Feb 2004 15:33:46 -0800

<SNIPPAGE>
There should be a hands-on challenge to any security certification
requirements.  Perhaps something like: "Find and infiltrate the PaX
protected system on network X.  You must write your own exploit to gain
root through ssh using return-into-libc.  Remove all traces of your
intrusion from the logs (they're append only).  Don't alert the Snort
box." 

I don't have a CISSP btw so I'm biased.



Yeah.  Give me 6 to 9 months on that one, guy!

Your point is well taken - but I think that someone who is able to outline the issues from scratch (as you have just done here) is good enough on the issues side to contribute in a meaningful way.

So - how many unpublished roots to ssh do you have, anyway? ;-)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

