On Fri, 26 Oct 2007 18:03:27 +0400, 3APA3A said: > I afraid you misunderstanding or misinterpreting results of Michael > Zalewski's work (which is, by the way, last real "hack" in the initial > meaning of this word in the field of computer security). In most cases, > you have good probability to guess SN after some number of guesses. E.g. > for Windows NT 4 you have 100% probability after 5000 guesses. There is > no OS with 100% or even 50% probablity after 1 guess. And you have to > remember, that result of the guess is not known to you immediately, > because you are spoofing blindly. I'm fully aware of that. How is that any different than the *many* exploits we've seen that have to launch the attack a number of times with different offsets because the "right" one can't be predicted? Not every exploit triggers 100% the first time. Deal with it.
Attachment:
pgpezExjZu5EG.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/