Debian attacker may have used new exploit

JoeHill joehill-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org
Wed Dec 3 16:02:47 UTC 2003


On Wed, 3 Dec 2003 09:59:43 -0500 (EST)
Robert Brockway <robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org> wrote:

> Software vulnerabilities are normally fixed by patches but I'll agree that
> security overall is more a function of awareness.  I think this sentence
> mixes up two different concepts (specific security issues vs security
> procedures and knowledge).

Not at all. You are again assuming that "script-kiddies" gain somehow from the
widespread "awareness" of vulnerabilities, an assumption to which I do not
subscribe, mainly for lack of evidence.

From Security Focus:

"A successful attacker requires three things: the opportunity to launch an
attack, the capacity to successfully execute the attack, and the motivation to
attack. An opportunity to launch an attack requires a vulnerable system and an
access path to the system. The capability to successfully execute the attack
requires knowledge of the vulnerability and the tools to exploit it.

Proponents of the information dictatorship argument are targeting the second
requirement of a successful attacker: his capability to launch an attack. This
approach to the problem of computer security is flawed, and can only fail.

First, we cannot stop some small number of malicious users from gaining
knowledge of vulnerabilities, or access to the tools that exploit them.
Vulnerability information and exploits have legitimate uses within the computer
security field. They are part of research, are required in penetration testing,
and used by system administrators to test their systems, mitigate the risks by
gaining an in-depth understanding of the problem, and to verify that vendor
fixes work as advertised."

Link:

http://www.securityfocus.com/news/270

-- 
JoeHill ++ ICQ # 280779813
Registered Linux user #282046
Homepage: www.orderinchaos.org
+++++++++++++++++++++++++++
"The more laws and order are made prominent, the more thieves and robbers there
will be."-- Lao Tsu
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org