[PLUG] vulnerable Linux
alan
alan at clueserver.org
Wed Feb 28 23:38:33 UTC 2007
On Wed, 28 Feb 2007, David A. Gibbons wrote:
>
> ----- "Michael Rasmussen" <mikeraz at patch.com> wrote:
>> In case you don't read LWN.
>>
>> Securing Linux by breaking it with Damn Vulnerable Linux
>>
>
>> DVL is a live CD available as a 150MB ISO. It's based on the popular
>> mini-Linux
>> distribution Damn Small Linux (DSL), not only for its minimal size,
>> but also for
>> the fact that DSL uses a 2.4 kernel, which makes it easier to offer
>> vulnerable
>> elements that might not work under the 2.6 kernel.
>
>
> That seems kinda stupid to me, I would imagine the amount of relevant knowledge to be gained by people breaking into worn aged software is much smaller than the insight that would be gained by a 2.6 kernel with lots of software not too old running on it.
>
> It's like saying there's tons to be gained by watching people hack windows 95. Your also much more likely to get a "false" positive (script kiddy, automatic scanning script, botnet script, whatever) with something thats such old news.
Actually there is a lot to be gained. Understanding an exploit anh ow it
works is not as easy as some people seem to believe. Being able to write
a heap exploit, getting it to work on a known piece of code, and then
understanding why it worked is quite valuable. You can then extend that
knowledge to something that has not been rooted.
Not everything is a buffer overflow.
Learning from the mistakes of the past is a good thing.
--
"Invoking the supernatural can explain anything, and hence explains nothing."
- University of Utah bioengineering professor Gregory Clark
More information about the PLUG
mailing list