Contributed by jose on from the south-american-hacker dept.
"Recently, Mr. OpenBSD wrote: "... if you don't follow our erratas, what the HELL DO YOU EXPECT?" You can learn more about Impact on the Core website, or from the Impact presentation at Blackhat 2001. Luckily, this is priced well outside of script kiddie hands. The latest CORE IMPACT release for Windows 2000 supports OpenBSD as one of its target platforms; it includes attack modules for compromising OpenBSD systems and an OpenBSD agent for taking control and module execution on these. (Of course, this penetration testing software has more modules and agents for other operating systems.)
You can read about it at http://www.bsdnewsletter.com/2002/07/News15.html.
(I am guessing it is out of the "script-kiddies" price range.)"
By anonymous () on
Since when have script kiddies cared about price? If they really want it then someone will subvert whatever licensing protections were put in place.
By Anonymous Coward () on
Comments
By Peter N. M. Hansteen () peter@bgnett.no on http://www.bgnett.no/~peter/
This essentially leaves us with a story about somebody who felt a need to brag about being able to break into OpenBSD boxes. It somehow fails to excite me.
By RC () on
When (blah, blah, blah) run services as a user
Every (blah, blah, blah) be chroot'ed
Do not (blah, blah, blah)
Best practices (blah, blah, blah)
You've heard it before. Now why don't people actually do it?
Comments
By Mike () on http://www.nedyah.org
For the people who are already at deadly.org, there is an availability bias -- "I keep my system patched, everyone I talk to keeps their system patched."
In the real world, people often have things they deem more important than subscribing to certain mailing lists, checking web news sites, etc. Or they just might not trust their skills.
Here's the thing -- Suppose you have a server running off in your closet, never seeing the light of day but chugging along, passing a few packets back and forth on the internet, it does what it is supposed to. Do you think that machine will continue functioning as consistently if no one admins it at all or someone who thinks they know what they are doing is actively adminning it? That had been a safe enough bet until the SSH hole came out.
By jose () on http://www.monkey.org/~jose/
however, impact isn't simply nessus and isn't really all that simple. it's a very intelligent penetration testing tool. this is a huge leap forward in such technology, and this probably threatens to put some penetration testers out of business. they have some really bright people writing their code (the core team is a huge intellectual brain store) and writing their exploits (think really good exploit writers, i won't name names). this is really worth reading up on, you'll learn a lot.
in that it targets openbsd, it's a representation of how far openbsd has come. it's now being taken into consideration as a target for penetration testing tools, it's being recognized as being that pervasive in the business. this is good.
oh, and many of the core guys (current and past) contribute to openbsd.
By Anonymous Coward () on
By Anonymous Coward () on
Why is a computer and its contents treated any different than YOUR house, card, bank account?
What difference does it make if it belongs to YOU or YOUR company. And offer the information with the implied threat that if you don't PAY UP I'll ......