Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Dailydave] Advisory Day!
From: Rodney Thayer (rodneycanola-jones.com)
Date: Wed Mar 03 2004 - 13:35:42 CST
At 02:12 PM 3/3/2004 -0500, Dave Aitel wrote:
>Yes, it's time for another "advisory". As I don't believe advisories
>really accomplish anything
Well, for one thing, if you point out you do in fact know how
to issue advisories it might help get companies listen when
you file bug reports. Might, of course.
> RealSecure, NAI, etc - do bugs in security
>software products make everyone else laugh?
Well, one certainly wonders what they do with all that
bloody scanning kit if they don't run it against their own gear.
I assume all of EEye's products are being scanned at the submolecular
level by vast teams in suburban Atlanta, as we speak ;-)
suppose a box ships with no shell access by default, but with
a linux kernel and a shell installed, and with a mechanism available
to get to the shell. Are local shell-based exploits then a realistic
I think that, if the vendor shipped BASH on the box, then someone, someday,
is going to run BASH. I think that's the line. If you don't want people
running a shell, ever, then don't ship a shell.