Full Disclosure mailing list archives
Re: credibility (was 'more security people')
From: "Jeremiah Cornelius" <jeremiah () nur net>
Date: Wed, 4 Feb 2004 15:33:46 -0800
<SNIPPAGE>
There should be a hands-on challenge to any security certification requirements. Perhaps something like: "Find and infiltrate the PaX protected system on network X. You must write your own exploit to gain root through ssh using return-into-libc. Remove all traces of your intrusion from the logs (they're append only). Don't alert the Snort box." I don't have a CISSP btw so I'm biased.
Yeah. Give me 6 to 9 months on that one, guy! Your point is well taken - but I think that someone who is able to outline the issues from scratch (as you have just done here) is good enough on the issues side to contribute in a meaningful way. So - how many unpublished roots to ssh do you have, anyway? ;-)