Debian attacker may have used new exploit

JoeHill joehill-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org
Wed Dec 3 15:47:24 UTC 2003


On Wed, 3 Dec 2003 09:59:43 -0500 (EST)
Robert Brockway <robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org> wrote:

> Well, there's my position.  I won't be replying to this thread again
> unless interesting new material is added.  I find all too often that
> people will follow up, just repeating (or slightly varying from) what has
> already been said and the arguments go round and round.  As far as I'm
> concerned Joe and I have differing opinions and have both expressed them
> now.  I won't waste time following up if I'm only going to be repeating
> what I've already said.

Like to have the last word, eh?

People like car analogies, so here goes:

A certain brand of tire, it is discovered, has a propensity for explosive tread
separation at highway speeds. Do we keep this info private, until the vendor can
supply a patch? No. We immediately inform the public that there is a risk, so
that they can take steps to reduce that risk, such as using another brand of
tire or modifying their driving habits, or, if so inclined, staying off the road
altogether until the vendor can supply a tire which does not go "boom".

I have found/seen no empirical evidence to suggest that crackers (you are
correct, I think, in that distinction) benefit from disclosure, but I have read
many accounts of public disclosure of security risks leading to timely and
effective mitigation, such as the examples I have already posted.

If someone could point me to a source which contradicts this evidence, I would
gladly eat my words, otherwise, the idea that these script kiddies benefit
*substantially* from public disclosure of vulnerabilities remains, in my mind,
merely a theory. The fact that it is proposed primarily by proprietary software
vendors also makes me suspicious.

To wit:

http://www.wild.lib.fl.us/bib/disclosure-by-date.html

You will notice that proprietary vendors are by far the most vocal about keeping
a lid on newly discovered exploits, whereas the actual security professionals
see more good than harm in publicly disclosing them.

My favourite quote, from:

http://www.computerworld.dk/usarticles.asp?Mode=1&USArticleID=2682

""On analysis of the code of the Slammer worm it is apparent that my code was
used as its template," Litchfield wrote.

Many parts of the worm's code were identical to the published proof of concept
code, but the worm was not simply a copy of the published example, Litchfield
said.

"It (is) apparent that whoever authored the worm knew how to write buffer
overflow exploits and would have been capable of doing this without using my
shellcode as a template," Litchfield wrote.

The code taken from Litchfield's published exploit saved the worm's real writer
"about 20 or so minutes," Litchfield wrote."

-- 
JoeHill ++ ICQ # 280779813
Registered Linux user #282046
Homepage: www.orderinchaos.org
+++++++++++++++++++++++++++
"Where the state begins, individual liberty ceases, and vice versa."
-- Bakunin
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml




