Re: [Full-Disclosure] credibility (was 'more security people')
- To: "Steven Alexander" <alexander.s@mccd.edu>, full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] credibility (was 'more security people')
- From: "Jeremiah Cornelius" <jeremiah@nur.net>
- Date: Wed, 4 Feb 2004 15:33:46 -0800
<SNIPPAGE>
> There should be a hands-on challenge to any security certification
> requirements. Perhaps something like: "Find and infiltrate the PaX
> protected system on network X. You must write your own exploit to gain
> root through ssh using return-into-libc. Remove all traces of your
> intrusion from the logs (they're append only). Don't alert the Snort
> box."
>
> I don't have a CISSP btw so I'm biased.
>
Yeah. Give me 6 to 9 months on that one, guy!
Your point is well taken - but I think that someone who is able to outline the
issues from scratch (as you have just done here) is good enough on the issues
side to contribute in a meaningful way.
So - how many unpublished roots to ssh do you have, anyway? ;-)