underestimating crackers
Tim Newsham (newsham@ALOHA.NET)
Wed, 1 Oct 1997 10:02:32 -1000
- Next message: Aleph One: "NT Domain Authentication Protocol - draft"
- Previous message: Bennett Samowich: "Possible weakness in LPD protocol"
- Next in thread: John Bashinski: "Re: underestimating crackers"
I've noticed something frightening in recent advisories from
vendors and software writers:
In Cisco's recent advisory about CHAP vulnerabilities:
> Cisco is not aware of these vulnerabilities having been exploited by "system
> crackers", nor of any publicly available exploitation code. Cisco does not
> believe that the details of the vulnerabilities are widely understood in the
> cracker community. The theoretical possibility of these vulnerabilities has,
> however, been discussed fairly openly among PPP security professionals.
In Samba's recent advisory about Samba overflows:
> The exploit for the security hole is very architecture specific and
> has been only demonstrated to work for Samba servers running on Intel
> based platforms. The exploit posted to the internet is specific to
> Intel Linux servers. It would be very difficult to produce an exploit
> for other architectures but it may be possible.
I hope these beliefs that the cracking community is somehow technically
inept and incapable of keeping up with the literature and overcoming
simple obstacles are not widespread. If they are, I can understand why
security is so poor and crackers are able to waltz through systems
so easily. I'm afraid these people are in for a serious wake-up call.
And the sooner, the better.
Tim N.