<br>Funny how you just said that!<br><br>I can quote myself saying "what a bad month for China" just this morning, having 2 of your arsenal die in one month must hurt bad but certainly they should have plenty more handy. I am hopeful that the U.S. will catch up on that front whenever the federal employees stop patting each other on the back and saying how great they are just because they happen to use IOCTLs for Solaris shellcodes. Maybe when everybody is done blowing each other off, we can do some catching up ;><br>
<br>Also, God forbid, we might even consider not reporting bugs anymore!<br><br>regards,<br>Olef<br><br><br><br><div class="gmail_quote">On Thu, Oct 23, 2008 at 10:45 AM, Dave Aitel <span dir="ltr">&lt;<a href="mailto:dave@immunityinc.com">dave@immunityinc.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
Recently Kostya finished off the IPP exploit (MS08-062) which turns<br>
out to be much more useful than I expected for penetration tests.<br>
Although most penetration tests start out "blind" and you don't have a<br>
username and password, in the real world, a hacker WOULD have a<br>
username or password to the domain, if it's big enough. But since we<br>
rarely do, I was happy to see that on our latest penetration test<br>
there were several machines set up to offer internet printing<br>
anonymously. Of course, in this particular case, proper network<br>
exfiltration filtering prevented them from getting exploited, but it<br>
was interesting to see real world machines vulnerable to such a thing.<br>
<br>
The question you always have is "How reliable is reliable" and I'd<br>
have to say that Kostya's IPP exploit is probably 100% against<br>
standard IIS 5.0, for those of you still running that (welcome to 2008<br>
:>!). MS08-062 is not a bug you would find with a fuzzer, so having<br>
people vulnerable by default makes it obvious that there was a lot of<br>
value to whoever found it, and they were probably using it pretty<br>
widely for them to have gotten caught. This is worse news for MS than<br>
it originally seemed.<br>
<br>
This server service bug, on the other hand, is exactly as bad as it<br>
would seem. It's the kind of news for Microsoft (and their customers,<br>
of course) that creates real-world sales problems (much like the<br>
RedHat compromise should have). The world has changed a lot since the<br>
last time a remote vulnerability of this nature came out - now the<br>
distribution of high quality exploits is going to be essentially<br>
instantaneous.<br>
<br>
It will be interesting to see how organizations react to this - or if<br>
they react at all.<br>
<br>
- -dave<br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.6 (GNU/Linux)<br>
Comment: Using GnuPG with Mozilla - <a href="http://enigmail.mozdev.org" target="_blank">http://enigmail.mozdev.org</a><br>
<br>
iD8DBQFJALg9tehAhL0gheoRAu9PAJ97HRWZbgR7Eia02u1oCysP8ah6KgCeJ1uI<br>
esxhUFYRvz9+6Wlj0nu774w=<br>
=Bv+0<br>
-----END PGP SIGNATURE-----<br>
<br>
_______________________________________________<br>
Dailydave mailing list<br>
<a href="mailto:Dailydave@lists.immunitysec.com">Dailydave@lists.immunitysec.com</a><br>
<a href="http://lists.immunitysec.com/mailman/listinfo/dailydave" target="_blank">http://lists.immunitysec.com/mailman/listinfo/dailydave</a><br>
</blockquote></div><br>