Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Security Industry Under Scrutiny: Part 3
From: John <johnpf () atnet net au>
Date: Wed, 11 Dec 2002 12:52:10 +1000

sockz loves you wrote:

----- Original Message -----
From: Silvio Cesare <silvio () big net au>
Date: Fri, 6 Dec 2002 15:15:56 +1100
To: sockz loves you <sockz () email com>
Subject: Re: [Full-disclosure] Security Industry Under Scrutiny: Part 3
The presentations provided visibly show the source to "script kiddy"
usage goes through a disclosure process..  The "script kiddies" are therefore
the only adverseries you display.

what others should i have included that were relative to the debate?  i assumed
that if i was describing the flow of information between whitehats and script
kiddies, then i would not need to list any other adversaries because they would
have been outside the scope of the email.  perhaps i was wrong?  then again you
could mean here that fake-whitehats with fake-advisories are also kinds of
adversaries?  i am not clear on this.

Sockz,

As of a very few years ago it was 'generally considered' that the greatest security risk that could involve monetory costs was from the disgruntled employee. I wouldn't be surprised if the potential cost of IIS/Lookout worms has now taken that 'leadership' position. But the capacity for a pissed-off employee to blow away a database or file system should not be trivialised. Look at how many root exploits rely on gaining a local shell!

Just a simple (while true ; do mkdir a ; cd a ; done ) can incapacitate a server if done at the right time in the right filesystem. As well as annoy the sysadmin, and in turn cost money. Inode exhaustion is not nice lol. This is why aging hippies like myself were so annoying in our day - we realised that the biggest threat to any information system was through Social Engineering, _not_ through exploit code disclosure.

If I can convince you that I am a Sun Engineer (Hey, I can make a business card that looks like I'm a Sun Engineer _very_ easily) and I have some 'secret patch we're not disclosing to the script kiddies' that I'm here to install on your box, and I have my Evil Friend waiting on the phone line on the card (we've managed to patch into the phone exchange in the not so secure tunnel under the xxxxxxxx building [Building not disclosed because there IS a tunnel I can get at Telstra's exchange with... regardless of the nature of this list I'm not going to tell, I got in trouble in my youth and I'm too old for that shit anymore.] so it's really hard to find us afterward) then I can do all sorts of bad things to your servers. I only need a shave to be completely unrecognisable.

btw, was good to finally meet you in person last Sunday, I don't believe that the image you present on this list does you any justice whatsoever. There are depths to you that may not be apparent to those who only know you through your posts here


Just a few things to consider,

John


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]