My thoughts in-line... On Sun, 08 Sep 2002, andy_mnat_private wrote: > - - I have not seen any incident reports on Incidents, or any other > mailing list for that matter. If it's a private exploit, in the hands of one or two people, there may be a vested interest in not reporting it. > - - You'd think several high profile sites would've been attacked already > with such devastating exploits, but I've seen no reports of this. In > fact, if the kids really did have such an exploit, you'd think they'd > tag their h4ndl3z all over high profile sites. But according to Alldas, > high profile defacements have been virtually nonexistent in the last > year or so. Not if they are being sneaky and lying low. A wise decision given today's political climate. > - - Given the skill required to craft such an exploit, I'd think it > would be way out of the grasp of the kids. Since no researcher has > come forth with such a vulnerability, it's logical to conclude that > this does not exist. Not everyone who crafts an exploit is neccessarly a researcher or a kid. Anyway, just my thoughts, no basis whatsoever, just based on the availible information. Azerail ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Mon Sep 09 2002 - 10:26:56 PDT