-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Vuln-Dev members. Here's a fun afternoon activity pertinent to this list. Hit www.atstake.com and grab SPIKE and Sharefuzz. Put Sharefuzz on a commercial Unix of some kind (the weirder the better) and find all the environment variable overflows. For bonus points, actually write them all up. :> (Extra bonus points if you're an OS vendor and you do it before everyone else does.) (Negative points if you send me a "how do I compile this?" e-mail.) Put SPIKE on a Linux box and play with msrpcfuzz, ntlm_brute, and, after installing a web application of some kind on some machine you own, webfuzz. If YOU don't find a bug of some kind, I will GIVE YOU YOUR MONEY BACK. (No guarantees of exploitability.) Have fun, and send any patches, comments, whines, and such to daitelat_private Dave Aitel -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7zDam9iGGtHdhlgMRAq6DAKCUOn4uM8aqdM9EPnyKRWqNlvrlYACfWzS/ v8NgczDuLLcy0UWGw2+YsQA= =s3LA -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Tue Oct 16 2001 - 10:17:52 PDT