[geeks] fw
Greg A. Woods
woods at weird.com
Thu Jul 25 12:45:59 CDT 2002
[ On Thursday, July 25, 2002 at 13:00:10 (-0400), mattyml at daemons.net wrote: ]
> Subject: Re: [geeks] fw
>
> Security through obscurity is not a solution either. I read an interesting
> article about detecting remote OSs, and injecting payloads based on this
> reconnaissance. If you can make a probable guess, and find an OS,
> determining where to stick your payload on the stack is easy. You could
> also cycle through shellcode for 20 platforms and inject accordingly :)
Except in this case it's not "security by obscurity" -- it's security by
knowing and understanding the limitations of the skills of known
attackers and using that in your risk assesment.
--
Greg A. Woods
+1 416 218-0098; <g.a.woods at ieee.org>; <woods at robohack.ca>
Planix, Inc. <woods at planix.com>; VE3TCP; Secrets of the Weird <woods at weird.com>
More information about the geeks
mailing list