Re: This is amazing.
der Mouse (mouse@Collatz.McRCIM.McGill.EDU)
Tue, 4 Oct 1994 16:52:27 -0400
> For months, I hear people piss and moan that they don't know where
> the holes are, and that they want full disclosure with detailed
> 'sploit methods to be accepted as the Correct Thing To Do. Then
> someone leaks a whole bunch of it, and people start thrashing and
> saying "what is this, what do I do with it?" ...
> Isn't this sort of thing what you *WANTED*? Isn't that one reason
> you're on this list?!
Damn straight it is! You won't see _me_ going "what do I do with it"
like that. Most of the stuff bounced off Tim Newsham's account was
pretty useless to me (what use do I have for someone else's PGP
keyring, for example?), but the SPARC register window trap exploit
code (to pick one example), while flawed, was extremely informative -
the first hard information I've ever seen on that particular bug.
sitelock was almost laughable. Someone seems to think that MD5ing the
hostid makes it harder to break...well, perhaps it will, but only
marginally. (I assume the author thinks so, or otherwise, why bother
using MD5?) All that will stop is my changing my hostid to match what
your program expects - a well-isolated check like that is a piece o'
cake to defeat. Not that I would anyway; I don't believe in
binary-only. At work, we run some binary-only stuff, but that's not my
choice. At home, the only binary-only code in use is the vendor OS,
and once I get NetBSD ported, that'll be history.
on was...well, perhaps vaguely interesting. Maybe of use to someone
looking to adapt it to attack sites with rexd (or is it rexecd?) turned
on. Not interesting enough to make me save it, though.
der Mouse
mouse@collatz.mcrcim.mcgill.edu