lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: poptix at techmonkeys.org (Matthew S. Hallacy)
Subject: IIS double UTF decoding bug (old) exploit:  IIS explorer

On Thu, Jul 11, 2002 at 12:26:56PM -0400, Steve wrote:

> Since it looks like we are going to have tools to test holes, the policy of 
> only releasing ones designing to test your own system for flaws, needs to be 
> in. As Berend says we don't need to make it any easier for script kiddies.
> 

Unfortunately the exploits that are found on the rooted box are pretty
much never anti-script kiddie, and the problem with subtle breakage of
remote scripts is that it makes it very hard for joe-blow network admin
to prove that there /is/ a vulnerability to the people he has to okay
a maintenance window with.

[snip]
> Steve Szmidt

-- 
Matthew S. Hallacy                            FUBAR, LART, BOFH Certified
http://www.poptix.net                           GPG public key 0x01938203

Powered by blists - more mailing lists