If this group of coders el8 (yes, I heard about them before - I remember somebody got the wu-ftpd 2.6.2 exploit from them a few weeks before it was released) would have such type of exploits than it's only a mather of weeks before it's gonna show up. Since they're underground they're probably not looking for money but fame (if they really want to steal cc information all they have to do is search google for orders.dbf cart32.exe and God knows what other insecure webcart releases.). So if they're looking for fame they will probably release in a few weeks or so some kind of exploit (with something like "worship us 'cauze we are the gods of coding" in the coments). Yes, it's true that a kernel exploit would pass firewalls because 99% of firewalls are based on kernel. But i don't think that it would be the end of the world. Because the reason we love open-source is the speed of patching it. And if it's gonna be an exploit, there's certanly gonna be a patch for it. Apache, OpenSSH, OpenSSL are all widespread services yet they all have been vulnerable... we survived. We're still here... my server's are still not compromised... So have no fear cause "In open-source we trust" -- ------------------- Proud member of PentaGuard "Making the net a safer place since 1998" _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Fri Sep 13 2002 - 02:22:42 PDT