|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dailydave] Dailydave Digest, Vol 12, Issue 9
From: James Hansen (jhansen
sensage.com)
Date: Wed Jul 12 2006 - 11:48:11 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Yes. He was on a customer use case panel and was to talk about how he uses sensage. NI and arcsight both had great presenters, one of which is JP morgan, who is also using us (which they didn't mention of course. )
Unfortunate that he wasn't here.
-----Original Message-----
From: dailydave-requestlists.immunitysec.com
To: dailydavelists.immunitysec.com
Sent: 7/12/06 11:50 AM
Subject: Dailydave Digest, Vol 12, Issue 9
Send Dailydave mailing list submissions to
dailydavelists.immunitysec.com
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.immunitysec.com/mailman/listinfo/dailydave
or, via email, send a message with subject or body 'help' to
dailydave-requestlists.immunitysec.com
You can reach the person managing the list at
dailydave-ownerlists.immunitysec.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Dailydave digest..."
Today's Topics:
1. Re: DSU (H D Moore)
2. Re: DSU (Florian Weimer)
3. Re: DSU (pageexecfreemail.hu)
4. Re: DSU (Florian Weimer)
5. Re: DSU (pageexecfreemail.hu)
6. Re: Question of the day: iTunes + Watermarking? (Dave Korn)
7. iTunes (Steve Tornio)
8. Re: MS05-027 exploits around? (Pusscat)
9. Re: DSU (TINNES Julien RD-MAPS-ISS)
10. Re: DSU (TINNES Julien RD-MAPS-ISS)
----------------------------------------------------------------------
Message: 1
Date: Tue, 11 Jul 2006 21:06:23 -0500
From: H D Moore <hdm-daily-davedigitaloffense.net>
Subject: Re: [Dailydave] DSU
To: dailydavelists.immunitysec.com
Message-ID: <200607112106.23940.hdm-daily-davedigitaloffense.net>
Content-Type: text/plain; charset="iso-8859-1"
Is Immunity using the cron.d technique for getting execution? I really
like how the RS-Labs folks did it:
http://www.rs-labs.com/exploitsntools/rs_prctl_kernel.c
-HD
On Tuesday 11 July 2006 08:57, Dave Aitel wrote:
> So the 2.6 prctl kernel bug is exploitable to get root. Typically on
> these sorts of things, you just read what Paul Starzets has to say on
> the matter and accept it. But for people who are having problems
> believing it, we posted an exploit to the partner's page about it.
------------------------------
Message: 2
Date: Wed, 12 Jul 2006 06:34:23 +0200
From: Florian Weimer <fwdeneb.enyo.de>
Subject: Re: [Dailydave] DSU
To: pageexecfreemail.hu
Cc: Dave Aitel <daveimmunityinc.com>, dailydave
<dailydavelists.immunitysec.com>
Message-ID: <87fyh7h25s.fsfmid.deneb.enyo.de>
Content-Type: text/plain; charset=us-ascii
> On 11 Jul 2006 at 9:57, Dave Aitel wrote:
>> This is the difference between Linux and Windows. If this had been
>> Microsoft they would have just changed the behavior silently or made it
>> part of some other patch and hoped no one noticed.
>
> sorry if i missed the sarcasm above, but are you suggesting that the
> following is actually what it is claimed to be? ;-)
>
> http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c85d1f9d358b24c5b05c3a2783a78423775a080
Most kernel bug fixes are not reviewed for their security impact.
This means that a lot of things are in fact fixed silently. Perhaps
it's not as deliberate as what Microsoft is doing, but as a side
effect, some of these fixes are not picked up by vendors and do not
end up in their kernels, even though the bug fix has been published.
------------------------------
Message: 3
Date: Wed, 12 Jul 2006 10:41:23 +0200
From: pageexecfreemail.hu
Subject: Re: [Dailydave] DSU
To: Florian Weimer <fwdeneb.enyo.de>
Cc: Dave Aitel <daveimmunityinc.com>, dailydave
<dailydavelists.immunitysec.com>
Message-ID: <44B4D1D3.4078.60835675pageexec.freemail.hu>
Content-Type: text/plain; charset=US-ASCII
On 12 Jul 2006 at 6:34, Florian Weimer wrote:
> > On 11 Jul 2006 at 9:57, Dave Aitel wrote:
> >> This is the difference between Linux and Windows. If this had been
> >> Microsoft they would have just changed the behavior silently or made it
> >> part of some other patch and hoped no one noticed.
> >
> > sorry if i missed the sarcasm above, but are you suggesting that the
> > following is actually what it is claimed to be? ;-)
> >
> > http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c85d1f9d358b24c5b05c3a2783a78423775a080
>
> Most kernel bug fixes are not reviewed for their security impact.
> This means that a lot of things are in fact fixed silently. Perhaps
> it's not as deliberate as what Microsoft is doing, but as a side
> effect, some of these fixes are not picked up by vendors and do not
> end up in their kernels, even though the bug fix has been published.
nice try but then how do you explain the following:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2448
in particular note the date of the CVE entry vs. that of the commit
and the obvious discrepancy between the two descriptions. something
known to be as a security bug in May (hence the request for the CVE
entry) was committed with a rather non-descript message next month.
i for one would really like to see what went on on vendor-sec or the
kernel security list regarding this bug.
------------------------------
Message: 4
Date: Wed, 12 Jul 2006 11:00:39 +0200
From: Florian Weimer <fwdeneb.enyo.de>
Subject: Re: [Dailydave] DSU
To: pageexecfreemail.hu
Cc: Dave Aitel <daveimmunityinc.com>, dailydave
<dailydavelists.immunitysec.com>
Message-ID: <8764i
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]