[PLUG] vulnerable Linux

alan alan at clueserver.org
Wed Feb 28 23:38:33 UTC 2007


On Wed, 28 Feb 2007, David A. Gibbons wrote:

>
> ----- "Michael Rasmussen" <mikeraz at patch.com> wrote:
>> In case you don't read LWN.
>>
>> Securing Linux by breaking it with Damn Vulnerable Linux
>>
>
>> DVL is a live CD available as a 150MB ISO. It's based on the popular
>> mini-Linux distribution Damn Small Linux (DSL), not only for its minimal
>> size, but also for the fact that DSL uses a 2.4 kernel, which makes it
>> easier to offer vulnerable elements that might not work under the 2.6
>> kernel.
>
>
> That seems kinda stupid to me, I would imagine the amount of relevant knowledge to be gained by people breaking into worn aged software is much smaller than the insight that would be gained by a 2.6 kernel with lots of software not too old running on it.
>
> It's like saying there's tons to be gained by watching people hack Windows 95. You're also much more likely to get a "false" positive (script kiddy, automatic scanning script, botnet script, whatever) with something that's such old news.

Actually there is a lot to be gained.  Understanding an exploit and how it
works is not as easy as some people seem to believe.  Being able to write 
a heap exploit, getting it to work on a known piece of code, and then 
understanding why it worked is quite valuable.  You can then extend that 
knowledge to something that has not been rooted.

Not everything is a buffer overflow.

Learning from the mistakes of the past is a good thing.

-- 
"Invoking the supernatural can explain anything, and hence explains nothing."
                   - University of Utah bioengineering professor Gregory Clark


