Name Usage problem.
-
Nish, I wasn't commenting on Colin, I was commenting on your philosophy. cheers, Chris Maunder
Chris Maunder wrote: I wasn't commenting on Colin, I was commenting on your philosophy Okay. I understand now. But normally exploits are released so that people can download these exploits, try them against their own machines and make sure that they are safe. I was pasrt of my company's net security team last year. This was one of my functions. Look out for the latest bugs and exploits. Download them. Try them on our servers. There were 4 separate instances when I actually discovered root exploit holes on sour main server [running Linux]. So I have a different way of looking at these things. Also during my college level days, I played around quite a bit with vulnerability scanners and stuff like that. Nish :-) My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
-
Nish [BusterBoy] wrote: I guess Colin must have mailed you how he did it by now. Of course not, Telling Chris about an ASP exploit would be like telling my granny how to suck eggs. Remember Chris is our ASP guru chap. He probably already plugged the hole when he saw the Dr Wluff post. Regardz Colin J Davies
Sonork ID 100.9197:Colin
Most people should stick to calculators, Isaac Sasson 28 th Law of Computing: Anything that can go wr# Segmentation violation -- Core dumped
Colin Davies wrote: Telling Chris about an ASP exploit would be like telling my granny how to suck eggs. Remember Chris is our ASP guru chap Dunno whether Chris M will take the comparison of his ASP skills to your grand-ma's egg related skills :-) I guess he's plugged it by now. Nish :-) My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
-
Colin Davies wrote: Telling Chris about an ASP exploit would be like telling my granny how to suck eggs. Remember Chris is our ASP guru chap Dunno whether Chris M will take the comparison of his ASP skills to your grand-ma's egg related skills :-) I guess he's plugged it by now. Nish :-) My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
Nish the comparisson was not meant to be derrogatory at all. It is a usage of an English expession "to suck eggs" it signifys that you really know your stuff. Nish [BusterBoy] wrote: I guess he's plugged it by now. I'd say so, I'll test it tomorrow, just to be on the safe side. Regardz Colin J Davies
Sonork ID 100.9197:Colin
Most people should stick to calculators, Isaac Sasson 28 th Law of Computing: Anything that can go wr# Segmentation violation -- Core dumped
-
Chris Maunder wrote: I wasn't commenting on Colin, I was commenting on your philosophy Okay. I understand now. But normally exploits are released so that people can download these exploits, try them against their own machines and make sure that they are safe. I was pasrt of my company's net security team last year. This was one of my functions. Look out for the latest bugs and exploits. Download them. Try them on our servers. There were 4 separate instances when I actually discovered root exploit holes on sour main server [running Linux]. So I have a different way of looking at these things. Also during my college level days, I played around quite a bit with vulnerability scanners and stuff like that. Nish :-) My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
Nish [BusterBoy] wrote: But normally exploits are released so that people can download these exploits, try them against their own machines and make sure that they are safe. But how will you be safe if there was no time to fix the exploit itself? You'd then be a victim of your own philosophy. Citigal released the AIM exploit because they're nothing but a bunch of script kiddies looking for some fun. IMHO anyway :) James Sonork ID: 100.11138 - Hasaki "My words but a whisper -- your deafness a SHOUT. I may make you feel but I can't make you think." - Thick as a Brick, Jethro Tull 1972
-
Nish the comparisson was not meant to be derrogatory at all. It is a usage of an English expession "to suck eggs" it signifys that you really know your stuff. Nish [BusterBoy] wrote: I guess he's plugged it by now. I'd say so, I'll test it tomorrow, just to be on the safe side. Regardz Colin J Davies
Sonork ID 100.9197:Colin
Most people should stick to calculators, Isaac Sasson 28 th Law of Computing: Anything that can go wr# Segmentation violation -- Core dumped
Colin Davies wrote: Nish the comparisson was not meant to be derrogatory at all. I know :-) It was my idea of a subtle joke. Like if someone tells me, 'Nish you are as cool as Peter Norton', I'd say, "uh huh" in a manner as if to suggest I was actually cooler. Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
-
Colin Davies wrote: Nish the comparisson was not meant to be derrogatory at all. I know :-) It was my idea of a subtle joke. Like if someone tells me, 'Nish you are as cool as Peter Norton', I'd say, "uh huh" in a manner as if to suggest I was actually cooler. Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
Nish [BusterBoy] wrote: 'Nish you are as cool as Peter Norton' I haven't heard of him in years ! Where is he now ? Regardz Colin J Davies
Sonork ID 100.9197:Colin
Most people should stick to calculators, Isaac Sasson 28 th Law of Computing: Anything that can go wr# Segmentation violation -- Core dumped
-
Nish [BusterBoy] wrote: But normally exploits are released so that people can download these exploits, try them against their own machines and make sure that they are safe. But how will you be safe if there was no time to fix the exploit itself? You'd then be a victim of your own philosophy. Citigal released the AIM exploit because they're nothing but a bunch of script kiddies looking for some fun. IMHO anyway :) James Sonork ID: 100.11138 - Hasaki "My words but a whisper -- your deafness a SHOUT. I may make you feel but I can't make you think." - Thick as a Brick, Jethro Tull 1972
James T. Johnson wrote: But how will you be safe if there was no time to fix the exploit itself? You'd then be a victim of your own philosophy. It's not that way at all. Say there is a new bug in my box's FTP server. I download the exploit. Test my server and if it is vulnerable I take it down. later on when the vendor releases a new version I downlaod it and try the exploit on it and if it is safe I can up my FTP again. Thus the end-users can be sure they are using a safe product and there is pressure on my FTP server vendor to fix the bug. But the nice security guys always give the vendor a one week head start. Cigital's behaviour sucked in that respect. Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
-
Nish [BusterBoy] wrote: 'Nish you are as cool as Peter Norton' I haven't heard of him in years ! Where is he now ? Regardz Colin J Davies
Sonork ID 100.9197:Colin
Most people should stick to calculators, Isaac Sasson 28 th Law of Computing: Anything that can go wr# Segmentation violation -- Core dumped
Colin Davies wrote: I haven't heard of him in years ! Where is he now ? CEO and CIO of Symantec Corporation! Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
-
Colin Davies wrote: I haven't heard of him in years ! Where is he now ? CEO and CIO of Symantec Corporation! Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
Nish [BusterBoy] wrote: CEO and CIO of Symantec Corporation! Gosh, I do lead a sheltered life. Regardz Colin J Davies
Sonork ID 100.9197:Colin
Most people should stick to calculators, Isaac Sasson 28 th Law of Computing: Anything that can go wr# Segmentation violation -- Core dumped
-
Nish the comparisson was not meant to be derrogatory at all. It is a usage of an English expession "to suck eggs" it signifys that you really know your stuff. Nish [BusterBoy] wrote: I guess he's plugged it by now. I'd say so, I'll test it tomorrow, just to be on the safe side. Regardz Colin J Davies
Sonork ID 100.9197:Colin
Most people should stick to calculators, Isaac Sasson 28 th Law of Computing: Anything that can go wr# Segmentation violation -- Core dumped
Hey Colin, I'll be on the road (well, in the air) all day tomorrow and will try to work a fix but no promises that I'll get a chance. cheers, Chris Maunder
-
James T. Johnson wrote: But how will you be safe if there was no time to fix the exploit itself? You'd then be a victim of your own philosophy. It's not that way at all. Say there is a new bug in my box's FTP server. I download the exploit. Test my server and if it is vulnerable I take it down. later on when the vendor releases a new version I downlaod it and try the exploit on it and if it is safe I can up my FTP again. Thus the end-users can be sure they are using a safe product and there is pressure on my FTP server vendor to fix the bug. But the nice security guys always give the vendor a one week head start. Cigital's behaviour sucked in that respect. Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
Nish [BusterBoy] wrote: Say there is a new bug in my box's FTP server. I download the exploit. Test my server and if it is vulnerable I take it down. And what if the exploit is for something more serious than an FTP server? Or that you depend on the FTP server for day-to-day duties. You can't just "take it down" without serious problems occuring. Publishing bugs that don't affect security should be published, since publishing them does tend to get them fixed faster. Put publishing security bugs just hurts everyone who relies on the software for their business. James Sonork ID: 100.11138 - Hasaki "My words but a whisper -- your deafness a SHOUT. I may make you feel but I can't make you think." - Thick as a Brick, Jethro Tull 1972
-
Hey Colin, I'll be on the road (well, in the air) all day tomorrow and will try to work a fix but no promises that I'll get a chance. cheers, Chris Maunder
Good Luck Chris. I wish I could be like you. Jumping from country to country with a laptop and coding in an aeroplane. Sounds like heaven to me... Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
-
Nish [BusterBoy] wrote: Say there is a new bug in my box's FTP server. I download the exploit. Test my server and if it is vulnerable I take it down. And what if the exploit is for something more serious than an FTP server? Or that you depend on the FTP server for day-to-day duties. You can't just "take it down" without serious problems occuring. Publishing bugs that don't affect security should be published, since publishing them does tend to get them fixed faster. Put publishing security bugs just hurts everyone who relies on the software for their business. James Sonork ID: 100.11138 - Hasaki "My words but a whisper -- your deafness a SHOUT. I may make you feel but I can't make you think." - Thick as a Brick, Jethro Tull 1972
James T. Johnson wrote: And what if the exploit is for something more serious than an FTP server? Or that you depend on the FTP server for day-to-day duties. You can't just "take it down" without serious problems occuring. Publishing bugs that don't affect security should be published, since publishing them does tend to get them fixed faster. Put publishing security bugs just hurts everyone who relies on the software for their business. James you seem to have no idea of how the cracking community works. If one of them discovers a hole, it'll spread like fire. Thus if a valid security agency keeps the bug a secret, the only people who miss out will be the end-users. The malicious ones will always be the first ones to get access to the exploits. Believe me James, I know what I am talking about. Hiding an exploit won't make it vanish. On the other hand revealing it might at the very least enable an end-user to be at least ready for it. And it is very very good to pressurize the vendors. I am not sure you'll be convinced. This kind of thing needs real experience before convincement. Anyway, I understand your thought process, but your data is all wrong. Often vendors have kept quiet about holes and this has lead to a lot of security breaches costing dear to many users of their products. Guess I'll stop now... Thanks Nish :-) My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
-
Nish [BusterBoy] wrote: CEO and CIO of Symantec Corporation! Gosh, I do lead a sheltered life. Regardz Colin J Davies
Sonork ID 100.9197:Colin
Most people should stick to calculators, Isaac Sasson 28 th Law of Computing: Anything that can go wr# Segmentation violation -- Core dumped
Colin Davies wrote: Gosh, I do lead a sheltered life. Yeah and you also live in a sheltered country I guess :-) Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
-
Good Luck Chris. I wish I could be like you. Jumping from country to country with a laptop and coding in an aeroplane. Sounds like heaven to me... Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
Nish [BusterBoy] wrote: Sounds like heaven to me... Believe me, it isn't Nish. The glamour of travel soon wears off, especially if is the same flight, same destination every time. Flying is not some exotic adventure, it is more some exotic torture :) Nish [BusterBoy] wrote: coding in an aeroplane. Everytime you hit turbelence they ask you to shut down any electronic equipment. On take off and landing you also cannot use it. During meals you have no space, and the rest of the time your neigbour is complaining about the monitor glare or your elbows sticking out while typing. So in short, it sounds fun but it isn't :-D regards, Paul Watson Bluegrass Cape Town, South Africa "The greatest thing you will ever learn is to love, and be loved in return" - Moulin Rouge Sonork ID: 100.9903 Stormfront
-
Nish [BusterBoy] wrote: Sounds like heaven to me... Believe me, it isn't Nish. The glamour of travel soon wears off, especially if is the same flight, same destination every time. Flying is not some exotic adventure, it is more some exotic torture :) Nish [BusterBoy] wrote: coding in an aeroplane. Everytime you hit turbelence they ask you to shut down any electronic equipment. On take off and landing you also cannot use it. During meals you have no space, and the rest of the time your neigbour is complaining about the monitor glare or your elbows sticking out while typing. So in short, it sounds fun but it isn't :-D regards, Paul Watson Bluegrass Cape Town, South Africa "The greatest thing you will ever learn is to love, and be loved in return" - Moulin Rouge Sonork ID: 100.9903 Stormfront
Paul Watson wrote: So in short, it sounds fun but it isn't Oh, thanks. I am but a 3rd worlder Paul. I wouldn't have known till someone actually told me. So thanks for that :-) Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
-
James T. Johnson wrote: And what if the exploit is for something more serious than an FTP server? Or that you depend on the FTP server for day-to-day duties. You can't just "take it down" without serious problems occuring. Publishing bugs that don't affect security should be published, since publishing them does tend to get them fixed faster. Put publishing security bugs just hurts everyone who relies on the software for their business. James you seem to have no idea of how the cracking community works. If one of them discovers a hole, it'll spread like fire. Thus if a valid security agency keeps the bug a secret, the only people who miss out will be the end-users. The malicious ones will always be the first ones to get access to the exploits. Believe me James, I know what I am talking about. Hiding an exploit won't make it vanish. On the other hand revealing it might at the very least enable an end-user to be at least ready for it. And it is very very good to pressurize the vendors. I am not sure you'll be convinced. This kind of thing needs real experience before convincement. Anyway, I understand your thought process, but your data is all wrong. Often vendors have kept quiet about holes and this has lead to a lot of security breaches costing dear to many users of their products. Guess I'll stop now... Thanks Nish :-) My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
Nish [BusterBoy] wrote: James you seem to have no idea of how the cracking community works. If one of them discovers a hole, it'll spread like fire. To the cracking community, yes, but not to the general community. Crackers will find holes no matter, but if someone posts information about a hole to the community t large (with detailed instructions on how to do it) then it encourages those who would otherwise not know or have the energy/wherewithall to find out. I would imagine those who would try a hole simply because it's been widely publicised would outway those who would find out through their cracker networks by a factor or a hundred to one or more. cheers, Chris Maunder
-
Nish [BusterBoy] wrote: James you seem to have no idea of how the cracking community works. If one of them discovers a hole, it'll spread like fire. To the cracking community, yes, but not to the general community. Crackers will find holes no matter, but if someone posts information about a hole to the community t large (with detailed instructions on how to do it) then it encourages those who would otherwise not know or have the energy/wherewithall to find out. I would imagine those who would try a hole simply because it's been widely publicised would outway those who would find out through their cracker networks by a factor or a hundred to one or more. cheers, Chris Maunder
Hi Chris I was surprised to get a reply on this thread, started a week or two ago I think. I bet this is the longest thread ever in the Suggestions Forum :-) Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
-
Hi Chris I was surprised to get a reply on this thread, started a week or two ago I think. I bet this is the longest thread ever in the Suggestions Forum :-) Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
Nish [BusterBoy] wrote: started a week or two ago I think :-O :-O :-O :-O :-O Sheesh! Sorry! Just 3 days old. Seems like so long ago though to me :-( Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
-
Nish [BusterBoy] wrote: started a week or two ago I think :-O :-O :-O :-O :-O Sheesh! Sorry! Just 3 days old. Seems like so long ago though to me :-( Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org
Nish [BusterBoy] wrote: Seems like so long ago though to me I thought its been more than a week too. Chris basically said what I had been trying to type in a reply too :-P James Sonork ID: 100.11138 - Hasaki "My words but a whisper -- your deafness a SHOUT. I may make you feel but I can't make you think." - Thick as a Brick, Jethro Tull 1972