Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: "Fire and forget" exploits?
From: "Bruce Ediger" <eballen1 () qwest net>
Date: Fri, 20 Oct 2006 10:09:13 -0600 (MDT)

On Fri, 20 Oct 2006, Brendan Dolan-Gavitt wrote:

 It seems like this kind of exploit is dying out, particularly as
different flavors of Linux proliferate, each with their own slightly
different libc and userland; in the Windows world, however, we still
find "universal" exploits that work on NT4/2k/XP over a variety of
service packs.

Doesn't this implicitly support Dan Geer et al's argument about
software monoculture?

In fact, wouldn't the "linux monoculture" concept constitute a bit
of a misnomer?  Each "slightly different" userland and libc would constitute
a different flavor, right?

Nevertheless, the received wisdom remains that "If linux took over from
Windows tomorrow, all the hackers would concentrate on linux flaws, and
we'd be in the same position."

Bruce Ediger
eballen1 () qwest net

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]