Re: SAP Pen-testing - complexity - first ideas

From: Carl Jongsma (info@skiifwrald.com)
Date: Fri Apr 13 2007 - 16:05:13 EDT


Hi,

I'm probably a little late to this thread, but I picked it up when a
couple of my old advisories were used as examples when discussing SAP
pen-testing. In the month since the thread started, there have been
some interesting releases in terms of SAP pen-testing, with a set of
advisories released based on the findings of an SAP pen-test tool,
and the free release of the same tool:

http://www.skiifwrald.com/pipermail/alertmailinglist_skiifwrald.com/2007-April/000289.html

In three months' time, the researchers who uncovered the
vulnerabilities plan to release detailed technical code of the
vulnerabilities, which should give everyone else an idea as to how
the tool functions (the fact that the RFC library is being targeted
does provide some clues).

Carl

Sūnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
