|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dailydave] Hahahaha
From: Bas Alberts (bas.alberts
immunitysec.com)
Date: Tue Aug 02 2005 - 01:46:35 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Blasted. No members at http://www.schmoo.com/members.html. Foiled
again :(
On Tue, Aug 02, 2005 at 02:23:49AM -0400, Bas Alberts wrote:
> Hahahaha...'hacker ninjas known as the schmoo group'.. potkettle
> industries :D Schmoo, pot, kettle. Very Alanis. What I find even
> more ironic is that this is coming from Brian Caswell snort.org.
>
> *remembers a time when you'd prepend your exploits with tcp reass
> fun to conveniently drop root on any snort on the net*
>
> Oh how I love moral-outrage inspired endeavours, especially when
> organised by prissy whitehats who adhere to encyclopedia definitions
> of 'hacking' and 'hackers'.
>
> Ofcourse in light of our own policies, I advise the Schmoo group
> people to not kill the CANVAS remote, but instead put it to good
> use. Maybe provide it to Immunity under NDA, and we'll put it in
> as an exploit. Circle of life and such.
>
> Also, considering the entire MOSDEF protocol is one big remote
> I'll flag this issue as 'pending'. For the record: critical
> infrastructure, attack paradigm, threat management. Just wanted
> to get that out of the way.
>
> - hints for future audits: look at the horrible way we do integer
> math in the MOSDEF asm stubs. We're well aware, but considering
> it's a 'read code, execute code' protocol... yano? :)
>
> Anyhoo good luck hacking the hackers. Who knows, maybe I'll come
> out and play too. http://www.schmoo.com/members.html right? :)
>
> Love,
> Bas
>
> On Tue, Aug 02, 2005 at 01:28:48AM -0400, Dave Aitel wrote:
> >
> > http://www.securityfocus.com/bid/14446/info
> > Immunity CANVAS Unspecified Remote Vulnerability
> >
> > *Advisories:*
> > *References:*
> >
> > * CANVAS Home Page
> > <http://www.immunitysec.com/products-canvas.shtml> (Immunity Inc.)
> > * DefCon Day 2: Patching Your Hacker Toolkit
> > <http://blogs.washingtonpost.com/securityfix/2005/07/patching_your_e.html>
> > (Washington Post)
> >
> > -dave
> >
> > _______________________________________________
> > Dailydave mailing list
> > Dailydavelists.immunitysec.com
> > https://lists.immunitysec.com/mailman/listinfo/dailydave
> _______________________________________________
> Dailydave mailing list
> Dailydavelists.immunitysec.com
> https://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
https://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]