by dijit 2197 days ago
Words can't describe how normal that is. Exploit tools require local systems to be super open in order to be frictionless.

Even in the consumer industry; anyone remember all those very silly people who installed backtrack2 (precursor to kali, based on slackware not debian) to their main drive and then went to defcon and got rekt because their OS was insecure (and couldn't be updated!)?

Exploit development is a glass cannon, remove all friction to modify the system and craft packets, invoke monitoring modes for hardware and frictionless tracing... that's going to have a security cost.

This echoes a wider issue in the industry, "Development" vs "Sysadmin" mindsets, where sysadmins are stifling and developers are all about removing barriers to progress faster and iterate more.


What's the story re: backtrack2, for the uninformed?
I'm trying to find a citation here, but it's difficult because "Backtrack 2 ssh exploit defcon" is going to produce a lot of content which is unrelated.

Anyway I can give you the skinny of the situation:

1) Backtrack 2 did not have an installer, it was a live-CD. But that doesn't stop you installing it by just copying the live environment to a disk (with some mount-binding and a grub install, you're all good!). There were guides for doing this, although they all had large warnings and the backtrack maintainers cautioned heavily against doing it.

2) Because it was a liveCD there was no package update mechanism. It was not based on debian at the time, so there was no apt or anything similar; even if there was, there were no repositories. Backtrack was a "tool", not a distro really.

3) sshd is one of the services that gets started on system boot for backtrack2.

4) Someone at defcon unveiled an sshd exploit, a pretty nasty one. They had disclosed responsibly and everyone had been patched for at least 6 months, except the people who went against recommendations and installed backtrack2. They all got rooted.

Bonus: everyone who ran backtrack2, without exception, ran it with the root user; as that was the default and they had patched software that normally complains about such things to not complain. xD

I don't remember that one but it's similar to the wifi pineapple vulnerability that was being exploited a few years ago.

https://www.csoonline.com/article/2462478/hacker-hunts-and-p...

> 4) Someone at defcon unveiled an sshd exploit, a pretty nasty one. They had disclosed responsibly and everyone had been patched for at least 6 months, except the people who went against recommendations and installed backtrack2. They all got rooted.

Yeah, I don't think this happened. Nobody has publicly exploited an opensshd rce for ages.

It may have been the kernel; frankly I'm fuzzy on the details, I just remember the staunch warnings and feeling vindicated.

This was like 2007-8.

> Exploit tools require local systems to be super open in order to be frictionless.

Yes, but your "local system" that receives traffic or whatever doesn't need to be the one having access to all your data…

That means that your software can never actually be deployed anywhere.

Once deployed your self-produced tools which have very little security protection themselves can be pilfered. Bonus points for tapping into the software deployment platform and downloading everything.