<SNIPPAGE>

> There should be a hands-on challenge to any security certification
> requirements. Perhaps something like: "Find and infiltrate the PaX
> protected system on network X. You must write your own exploit to gain
> root through ssh using return-into-libc. Remove all traces of your
> intrusion from the logs (they're append only). Don't alert the Snort
> box."
>
> I don't have a CISSP btw so I'm biased.
>

Yeah. Give me 6 to 9 months on that one, guy!

Your point is well taken - but I think that someone who is able to outline the issues from scratch (as you have just done here) is good enough on the issues side to contribute in a meaningful way.

So - how many unpublished roots to ssh do you have, anyway? ;-)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
