Well my 2cents worth is that script kiddies are working with known vulnerabilities, using exploits written by some one else. So the problem has to be the vulnerability in the software and the people who write the exploit. By the time its public script available on the web the software should be patched. The real issues, which is why bugtraq is important is that people have to keep in touch with whats happening. Keeping upto date is the battle half won, especially against script kiddies. fintler wrote: > --- Josh Crane <jcraneat_private> wrote: > >> well said.. >> >>> Or, maybe the exploit is needed to test the patch after it's >>> applied, to make sure it actually worked to close the hole... >>> It's not unknown for vendors to release faulty patches that >>> don't do what they claim, either... >> >> even better as it's more common than people realise.. often the exploits >> only need a minor alteration to be reborn anyway. >> >> if you are just a thoughtless admin, and don't attempt to pick up what it is >> that the exploits are doing, you will always rely on someone else to get it >> done for you... this is a community, pitching in is what it's all about. >> > > Allright, since I seem to be getting flamed, I'll try to respond to this little by little. > > If he's researching on how exploits are developed why doesn't he/she take a look at the thousands > of exploits already out there? What's so special about this one? > > You say admins use exploits to test their own hardware, but you also mention that after a patch is > applied, it may only prevent that particular version of the exploit to work, while others that are > circulated less, still do. Don't you think that this may provide a false sense of security in > that the admin may now think that the system is no longer vulnerable because that particular > exploit the admin found on bugtraq no longer works? Wouldn't a detailed explanation of the problem > that gets into the specific details (aka advisary) be more useful and cause less problems compared > to something that can be compiled straight off the list? > > I don't really see what you mean by community, a community is just a group or ppl who share a > common interest. From my point of view all I see is a *very* small percentage who share an > interest in pitching in, and a very large group that takes that work and uses it for some type of > personal gain. For example, out of the many people who subscribe to bugtraq, how many have ever > thrown their 2 cents in, I'm almost positive it is a small percent. > > Did I miss any debates there? Jeez you ppl like to pick everything apart ;P > > -fintler <fintlerat_private> > > > __________________________________________________ > Do You Yahoo!? > Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger > http://im.yahoo.com > >
This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 11:35:58 PDT