Re: (Open|Net)BSD local root exploit

2001-06-18 Thread Jonathan Peterson



 Now imagine a big field, with a treasure chest in the middle
 of it - this is your security.

Now, imagine the chest is buried in the field, and no-one saw me bury it. 
This is my security.

Snip enormous security through obscurity tirade

However, after playing Baldurs Gate 2 all weekend, I'm obliged to say that 
really if you have a priceless artifact that you don't want found, the 
trick is to give to a peasant, because no adventurer is going to go round 
killing every peasant in the land to find the one with the treasure. See 
also the way diamonds are transported around Hatton Garden (i.e. in 
people's pockets, not in securicor vans).



-- 
Jonathan Peterson
Technical Manager, Unified Ltd, 020 7383 6092
[EMAIL PROTECTED]




Re: (Open|Net)BSD local root exploit

2001-06-18 Thread Greg McCarroll

* Jonathan Peterson ([EMAIL PROTECTED]) wrote:
 
 
  Now imagine a big field, with a treasure chest in the middle
  of it - this is your security.
 
 Now, imagine the chest is buried in the field, and no-one saw me bury it. 
 This is my security.
 
 Snip enormous security through obscurity tirade
 
 However, after playing Baldurs Gate 2 all weekend, I'm obliged to say that 

you should have let me know, and we could have played MP, the same goes
for any other BG2 or freeciv (just for you *nix compulsives) players
out there.

-- 
Greg McCarroll http://217.34.97.146/~gem/



Re: (Open|Net)BSD local root exploit

2001-06-18 Thread Piers Cawley

Jonathan Peterson [EMAIL PROTECTED] writes:

 
  Now imagine a big field, with a treasure chest in the middle
  of it - this is your security.
 
 Now, imagine the chest is buried in the field, and no-one saw me bury
 it. This is my security.
 
 
 Snip enormous security through obscurity tirade
 
 However, after playing Baldurs Gate 2 all weekend, I'm obliged to say
 that really if you have a priceless artifact that you don't want
 found, the trick is to give to a peasant, because no adventurer is
 going to go round killing every peasant in the land to find the one
 with the treasure. See also the way diamonds are transported around
 Hatton Garden (i.e. in people's pockets, not in securicor vans).

Don't remind me. I used to work in Hatton Garden, and bought Gill's
engagement ring there. Well, that's not quite true, I bought the
*pieces* of Gill's engagement ring there. Which is a story in itself
that I'll tell at a London.pm social evening one time.

The scariest bit was handing over £400 or so worth of gem + gold to
the bloke who was going to turn it into a real ring. A bloke who I had
never met before that moment. Who was going to do the work for 15
quid. And he looked surprised when I asked for a receipt.

-- 
Piers Cawley
www.iterative-software.com




Re: (Open|Net)BSD local root exploit

2001-06-18 Thread Mark Fowler

On Mon, 18 Jun 2001, Jonathan Peterson wrote:

 However, after playing Baldurs Gate 2 all weekend, I'm obliged to say that
 really if you have a priceless artifact that you don't want found, the
 trick is to give to a peasant, because no adventurer is going to go round
 killing every peasant in the land to find the one with the treasure. See

That is unless you're Herod. Then Herod, when he saw that he had been
tricked by the wise men, was in a furious rage, and he sent and killed all
the male children in Bethlehem and in all that region who were two years
old or under, according to the time which he had ascertained from the wise
men.

I say we take off and nuke the entire site from orbit. That's the only
way to be sure.

Later.

Mark.

-- 
s''  Mark Fowler London.pm   Bath.pm
 http://www.twoshortplanks.com/  [EMAIL PROTECTED]
';use Term'Cap;$t=Tgetent Term'Cap{};print$t->Tputs(cl);for$w(split/  +/
){for(0..30){$|=print$t->Tgoto(cm,$_,$y). $w;select$k,$k,$k,.03}$y+=2}





Re: (Open|Net)BSD local root exploit

2001-06-18 Thread Lucy McWilliam


On Mon, 18 Jun 2001, Mark Fowler wrote:

 On Mon, 18 Jun 2001, Jonathan Peterson wrote:

  However, after playing Baldurs Gate 2 all weekend, I'm obliged to say that
  really if you have a priceless artifact that you don't want found, the
  trick is to give to a peasant, because no adventurer is going to go round
  killing every peasant in the land to find the one with the treasure. See

 That is unless you're Herod. Then Herod, when he saw that he had been
 tricked by the wise men, was in a furious rage, and he sent and killed
 all the male children in Bethlehem and in all that region who were two
 years old or under, according to the time which he had ascertained
 from the wise men. I say we take off and nuke the entire site from
 orbit. That's the only way to be sure.


I play Herod in a school play once.  Go figure.


L.
Mmm, caffeine...




Re: (Open|Net)BSD local root exploit

2001-06-18 Thread Lucy McWilliam


On Mon, 18 Jun 2001, Lucy McWilliam wrote:

   However, after playing Baldurs Gate 2 all weekend, I'm obliged to say that
   really if you have a priceless artifact that you don't want found, the
   trick is to give to a peasant, because no adventurer is going to go round
   killing every peasant in the land to find the one with the treasure. See
 
  That is unless you're Herod.

 I play Herod in a school play once.  Go figure.

Aargh...played.  Maybe I should go and imbibe some of that caffeine stuff.


L.
Mmm, caffeine...




Re: (Open|Net)BSD local root exploit

2001-06-18 Thread Greg McCarroll

* Lucy McWilliam ([EMAIL PROTECTED]) wrote:
 
 
  I play Herod in a school play once.  Go figure.
 
 Aargh...played.  Maybe I should go and imbibe some of that caffeine stuff.
 

For what it's worth I saw nothing wrong with your original message.

-- 
Greg McCarroll http://217.34.97.146/~gem/



Re: (Open|Net)BSD local root exploit

2001-06-18 Thread Niklas Nordebo

On Mon, Jun 18, 2001 at 09:38:44AM +0100, Jonathan Peterson wrote:
 However, after playing Baldurs Gate 2 all weekend, I'm obliged to say that 
 really if you have a priceless artifact that you don't want found, the 
 trick is to give to a peasant, because no adventurer is going to go round 
 killing every peasant in the land to find the one with the treasure. See 
 also the way diamonds are transported around Hatton Garden (i.e. in 
 people's pockets, not in securicor vans).

And if you have a rouge stone worth 1500 gold you shouldn't put it in a
chicken while a shady guy is watching, since said shady guy might tell some
feisty adventurers about it for a small fee. Especially if you live in Umar
Hills.

-- 
Niklas Nordebo -- [EMAIL PROTECTED] -- +447966251290
 The day is seven hours and fifteen minutes old, and already it's
crippled with the weight of my evasions, deceit, and downright lies



Re: (Open|Net)BSD local root exploit

2001-06-18 Thread Greg McCarroll

* Niklas Nordebo ([EMAIL PROTECTED]) wrote:
 On Mon, Jun 18, 2001 at 09:38:44AM +0100, Jonathan Peterson wrote:
  However, after playing Baldurs Gate 2 all weekend, I'm obliged to say that 
  really if you have a priceless artifact that you don't want found, the 
  trick is to give to a peasant, because no adventurer is going to go round 
  killing every peasant in the land to find the one with the treasure. See 
  also the way diamonds are transported around Hatton Garden (i.e. in 
  people's pockets, not in securicor vans).
 
 And if you have a rouge stone worth 1500 gold you shouldn't put it in a
 chicken while a shady guy is watching, since said shady guy might tell some
 feisty adventurers about it for a small fee. Especially if you live in Umar
 Hills.
 

you know that game far too well! ;-)

 

-- 
Greg McCarroll http://217.34.97.146/~gem/



Re: (Open|Net)BSD local root exploit

2001-06-18 Thread Greg McCarroll

* Niklas Nordebo ([EMAIL PROTECTED]) wrote:
 On Mon, Jun 18, 2001 at 06:11:39PM +0100, Greg McCarroll wrote:
  you know that game far too well! ;-)
 
 Probably.
 
 While we're on the subject of computer games I recently found Civilization:
 Call to power on sale at HMV. Since I didn't like Civ 2 I'd been sceptical,
 but it was only five quid so I picked it up, and then let the box lie
 unopened for a couple of weeks, then I opened it and started playing last
 week and now I'm seriously addicted.
 

you should play freeciv

 64 bytes from 212.78.195.170: icmp_seq=2 ttl=236 time=3009.3 ms
 64 bytes from 212.78.195.170: icmp_seq=3 ttl=236 time=3012.4 ms

err maybe you shouldn't ;-)

-- 
Greg McCarroll http://217.34.97.146/~gem/



Re: (Open|Net)BSD local root exploit

2001-06-17 Thread Chris Devers

On Sat, 16 Jun 2001, David Cantrell wrote:

 As there's plenty of BSDers here, and I expect that at least some of you
 don't subscribe to Bugtraq and friends ...
 
 http://www.securityfocus.com/vdb/?id=2873
 
Does this count as the end of [Net?]BSD's $years of having no exploits?  

 

--
Chris Devers [EMAIL PROTECTED]
webmaster work: 781.221.5372
Skillcheck cell: 617.365.0585




Re: (Open|Net)BSD local root exploit

2001-06-17 Thread Niklas Nordebo

On Sun, Jun 17, 2001 at 10:46:21AM -0400, Chris Devers wrote:
 Does this count as the end of [Net?]BSD's $years of having no exploits?  

OpenBSD still claims 4 years without a remote hole in the default install.

ISTR they had a couple of years without a local hole too, but that they
found some other hole less than a year ago so it was reset quite recently
anyway. But I might just have hallucinated that.

-- 
Niklas Nordebo -- [EMAIL PROTECTED] -- +447966251290
 The day is seven hours and fifteen minutes old, and already it's
crippled with the weight of my evasions, deceit, and downright lies



Re: (Open|Net)BSD local root exploit

2001-06-16 Thread Greg McCarroll

* David Cantrell ([EMAIL PROTECTED]) wrote:
 As there's plenty of BSDers here, and I expect that at least some of you
 don't subscribe to Bugtraq and friends ...
 
 http://www.securityfocus.com/vdb/?id=2873
 

Yeah but it's a local exploit, so it ain't that bad. I'm generally
of the opinion (warning ADD discussion on the horizon) that
if someone gets into your box they can get r00t, so best to deal
with the problem before that and keep a careful eye on
people who are in your box.

It's a bit like a castle really, with external security and guards
wandering the corridors, if a sufficiently skilled assassin/thief
can get past the external security, he can evade your normal
internal security and kill your king or steal your treasure.
Unless of course you hire Vadrienal the Elven Assassin/Fighter
to help guard your treasure (ok i'm going too far now).

However this reminds me of how a top notch security consultant from a 
3 letter company described the security of a product i was at a time 
involved with (not in a security capacity).

He explained in a manner similar to the following 

Imagine you want to protect something, and it's a treasure
chest, now you put the treasure chest in a room, you lock
the room. The room is in a castle, there are guards wandering
the corridors checking for intruders. The castle only has
one entrance via the drawbridge, it's heavily guarded and all
incoming visitors are watched closely. There are guards on
the castle wall watching that no one tries to swim the moat.

Now imagine a big field, with a treasure chest in the middle
of it - this is your security.

Greg




-- 
Greg McCarroll http://217.34.97.146/~gem/



Re: (Open|Net)BSD local root exploit

2001-06-16 Thread David Cantrell

On Sat, Jun 16, 2001 at 08:58:02PM +0100, Greg McCarroll wrote:

 ... ADD discussion on the horizon ...

So, anyone else up for some swords n' sorcery malarkey?

-- 
David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/

  Good advice is always certain to be ignored,
  but that's no reason not to give it -- Agatha Christie