mailing list archives
Re: Security Industry Under Scrutiny: Part 3
From: John <johnpf () atnet net au>
Date: Wed, 11 Dec 2002 12:52:10 +1000
sockz loves you wrote:
----- Original Message -----
From: Silvio Cesare <silvio () big net au>
Date: Fri, 6 Dec 2002 15:15:56 +1100
To: sockz loves you <sockz () email com>
Subject: Re: [Full-disclosure] Security Industry Under Scrutiny: Part 3
The presentations provided visibly show the source to "script kiddy"
usage goes through a disclosure process.. The "script kiddies" are therefore
the only adverseries you display.
what others should i have included that were relative to the debate? i assumed
that if i was describing the flow of information between whitehats and script
kiddies, then i would not need to list any other adversaries because they would
have been outside the scope of the email. perhaps i was wrong? then again you
could mean here that fake-whitehats with fake-advisories are also kinds of
adversaries? i am not clear on this.
As of a very few years ago it was 'generally considered' that the
greatest security risk that could involve monetory costs was from the
disgruntled employee. I wouldn't be surprised if the potential cost of
IIS/Lookout worms has now taken that 'leadership' position. But the
capacity for a pissed-off employee to blow away a database or file
system should not be trivialised. Look at how many root exploits rely on
gaining a local shell!
Just a simple (while true ; do mkdir a ; cd a ; done ) can incapacitate
a server if done at the right time in the right filesystem. As well as
annoy the sysadmin, and in turn cost money. Inode exhaustion is not nice
lol. This is why aging hippies like myself were so annoying in our day -
we realised that the biggest threat to any information system was
through Social Engineering, _not_ through exploit code disclosure.
If I can convince you that I am a Sun Engineer (Hey, I can make a
business card that looks like I'm a Sun Engineer _very_ easily) and I
have some 'secret patch we're not disclosing to the script kiddies' that
I'm here to install on your box, and I have my Evil Friend waiting on
the phone line on the card (we've managed to patch into the phone
exchange in the not so secure tunnel under the xxxxxxxx building
[Building not disclosed because there IS a tunnel I can get at Telstra's
exchange with... regardless of the nature of this list I'm not going to
tell, I got in trouble in my youth and I'm too old for that shit
anymore.] so it's really hard to find us afterward) then I can do all
sorts of bad things to your servers. I only need a shave to be
btw, was good to finally meet you in person last Sunday, I don't believe
that the image you present on this list does you any justice whatsoever.
There are depths to you that may not be apparent to those who only know
you through your posts here
Just a few things to consider,
Full-Disclosure - We believe in it.