[9697] in bugtraq
Re: [HERT] Advisory #002 Buffer overflow in lsof
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@VT.EDU)
Sun Feb 21 17:48:15 1999
Date: Fri, 19 Feb 1999 17:09:18 -0500
Reply-To: Valdis.Kletnieks@VT.EDU
From: Valdis.Kletnieks@VT.EDU
X-To: Gene Spafford <spaf@CS.PURDUE.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Thu, 18 Feb 1999 21:41:16 EST."
<199902190241.VAA17454@dorsai.cs.purdue.edu>
--==_Exmh_-806204580P
Content-Type: text/plain; charset=us-ascii
On Thu, 18 Feb 1999 21:41:16 EST, Gene Spafford said:
> People who really want to improve security find ways to avoid hurting victims
> and increase protection. If there is a problem that is not known and not
> under attack, notifying the vendor and waiting for a valid fix to appear is
> not going to result in anyone being hurt. Posting an exploit widely for a
> previously unknown problem suddenly opens up all the current users to attack.
Umm.. Gene? I agree with most of your logic, if you can clear up one
minor sticking point:
How do us white hats determine that a problem isn't already known and
being exploited elsewhere by the black hats?
Remember that security holes are found in only two ways: during code
auditing, and after a break-in. Now, if you find it after a break in,
you can safely say it's being exploited in the real world. However,
if you find it during a code audit, you *don't* have any way to find
out if other people are already getting attacked by it.
Remember that the whole reason that Bugtraq is a full-disclosure list
is because there's an implicit assumption that the black hats already
know about all the holes, and we need to get the information out to
the white hats who don't know yet.
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
--==_Exmh_-806204580P
Content-Type: application/pgp-signature
-----BEGIN PGP MESSAGE-----
Version: 2.6.2
iQCVAwUBNs3hDtQBOOoptg9JAQHlwQP/W0bRtbptYNQ6nW8JZe6UTD+nQGJw6418
h0QmFejv5UlYJtGgpR23hUgBizdD4l3L4wk1SRGuDZ89nUfE3X7tYS4GQ1veBYOB
wpy14w3bEgJ1hesbznqay+odEvP6r2ghP0EUoN0xzgMQmhEajExX4XUWqCifbE0o
aVCf37Xu4UM=
=HEsE
-----END PGP MESSAGE-----
--==_Exmh_-806204580P--
