lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: poptix at techmonkeys.org (Matthew S. Hallacy) Subject: IIS double UTF decoding bug (old) exploit: IIS explorer On Thu, Jul 11, 2002 at 12:26:56PM -0400, Steve wrote: > Since it looks like we are going to have tools to test holes, the policy of > only releasing ones designing to test your own system for flaws, needs to be > in. As Berend says we don't need to make it any easier for script kiddies. > Unfortunately the exploits that are found on the rooted box are pretty much never anti-script kiddie, and the problem with subtle breakage of remote scripts is that it makes it very hard for joe-blow network admin to prove that there /is/ a vulnerability to the people he has to okay a maintenance window with. [snip] > Steve Szmidt -- Matthew S. Hallacy FUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203
Powered by blists - more mailing lists