Recent Features
| |||||||||||||
Stable kernel 2.6.25.10Stable kernel 2.6.25.10Posted Jul 7, 2008 6:48 UTC (Mon) by nix (subscriber, #2304)In reply to: Stable kernel 2.6.25.10 by spender Parent article: Stable kernel 2.6.25.10
... and if it took you twenty minutes, your average script kiddie would take weeks, if ever. (Of course, buying a copy from a blackhat with similar skills would probably be faster.)
(Log in to post comments)
Stable kernel 2.6.25.10 Posted Jul 7, 2008 7:49 UTC (Mon) by PaXTeam (subscriber, #24616) [Link] the 20 mins was the runtime of the exploit, not its development time.
Stable kernel 2.6.25.10 Posted Jul 7, 2008 19:43 UTC (Mon) by nix (subscriber, #2304) [Link] I thought 20 minutes seemed awfully fast to write an exploit from scratch, but I'm not very good at that sort of thing so I thought maybe skilled people are faster. (Still, if a random blackhat tries to eat that amount of CPU time on any of my security-important systems all sorts of alarms would go off. But maybe that's more paranoia than most people show, and I suppose if the attacker knew about those monitoring systems he could distribute the computational work among numerous processes and a long stretch of time. Still, again, if an attacker knows that much, I'm dead anyway. Maybe this is significant to unmonitored systems with untrusted local users, and I suppose it makes it easier to escalate to root once you've got in via some vulnerable network service, but if the attacker's managed that, again, you're dead anyway: and most attackers these days don't *care* about escalation to root: all they care about is being able to spam like crazy, and being able to spy on the user, and an attack via, say, a browser vulnerability will give them all of that.)
|
|||||||||||||