[Dailydave] Oracle Rootkits

[Dave Aitel]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

One of the things we've tried to do, and I think been fairly
successful at, is build an ecosystem around CANVAS where we can get
independent vendors to develop their own technology on top of the
CANVAS base project.  For the vendor there are a number of benefits.

1. We accept credit cards and are a US company (soon to be 8(a) I
hope!). We have a customer list we can market their things to easily.

2. MOSDEF means vendors don't have to spend their whole lives writing
shellcode. Built in Oracle/MSSQL/mySQL/SSL/etc libraries don't hurt.
Having remote os and language pack detection done for you is nice.

3. CANVAS's automation means that if a vendor has a module to fix some
new vulnerability, it can be used against a class B as part of
massattack or VulnAssess without any additional configuration by the
customer.

A few years back everyone was like "I want to write exploits for a
living". And now you can.

Anyways, I bring this up because I notice Argeniss is now selling a
really cool Oracle Rootkit now as part of their toolkit. How awesome
is that?

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFo8wtB8JNm+PA+iURAu/xAJsEz8wfDFNqIg96BP9SDQpgPtQ9FgCgl5Wm
FTFytU44eSH5v0As5EPv66Y=
=MhPq
-----END PGP SIGNATURE-----