> Btw, some have been mentioning "a hacker could spend weeks".
> Well, that's true - if the target is interesting enough.
> Most "hackers" (scrippies) are just out for the fast kick/breakin to
> install their ircbot or a ddos-drone - remove that noise first :>

Since it was I that said that, just a little add to say that I was referring to a hacker, not a kidiot. It's the difference between having sex or hacking playboy.com for free movies.

> Other point in here is: The pen-tester has *one* advantage, he can
> ask the customer for an account on a machine, e.g. on a webserver -
> just *assume* a CGI is vulnerable (most are anyway :P) and then from the
> "start" being the UID which runs the webserver try to elevate your
> privileges.

Again ... the same problem :>

[ ]'s
bacano

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service, which automatically alerts you to the latest security vulnerabilities, please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 16:04:55 PDT