On Wed, 02 Jan 2008 13:48:13 CST, you said: > its funny how you always talk about other people ( like a few days ago when > you were amazed that people exploited an off by one ), Actually, I was merely pointing out to a reader of the list that if you *can* get x'41414141' into the appropriate register, you can probably abuse it into a full exploit, and gave an example of an off-by-one-byte that produced such an exploit. Maybe in that reader's world, they can get away with asking "how is that exploitable?", but some of us have to classify that as "should be considered exploitable until proved otherwise". > , and talk about "the > old times"... sure signs of someone washed up as evident by your > non-productiveness in the last few years Failure to learn from the lessons of the past is a good way to shoot yourself in the foot exactly the same way. Yes - WANK was back in 1989. However, even now, almost 2 decades later, we're *still* seeing a lot of systems getting exploited for the *exact same* base cause. Additionally, it's proof that anybody who is just *now* waking up to the concept of "cyber-warfare" is 20 years behind: http://marc.info/?l=isn&m=100707930117213&w=2 It's also a good idea to keep in mind that not everybody in the security industry measures "productivity" by "number of exploits published". For some of us who run production networkds, "no incidents happened, and none of the users noticed a damned thing we did to ensure it" is the rarely attained Nirvana.
Attachment:
pgpjsMwj0AGvc.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/