| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: brian at pc-radio.com (Brian McWilliams) Subject: Fwd: fuck symantec & boycott bugtraq Like folks said earlier, the "Exploit" tab is missing, but that doesn't mean the exploit is gone. You just have to dig, starting with the stuff in the "Credit" tab, to find the SF mailing list message that spawned the BID in the first place. E.g., the BID 1780 exploit is in the original Bugtraq message from NSFOCUS http://online.securityfocus.com/archive/1/139490/2003-01-07/2003-01-13/2 E.g., the BID 4485 exploit is in the original Bugtraq message from Eeye http://online.securityfocus.com/archive/1/266937 Both of these are accessible by drilling down from the BID's "Credit" tab. No conspiracy here ... just laziness by SF/Symantec. It's inconvenient, but there's always Packetstorm if you're in a hurry. B. At 02:43 AM 1/10/2003, Faulty wrote: >The links that you posted come from google's cache which it collects when >it crawls webpages if you follow the links to the bugs they arent there. > ><http://online.securityfocus.com/bid/1780/exploit/>http://online.securityfocus.com/bid/1780/exploit/ > >http://online.securityfocus.com/bid/4485/exploit/ > >Regards > >Faulty > >www.b0f.net > > Blue Boar <BlueBoar@...evco.com> wrote: >ohnonono@...hmail.com wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > > > I am sorry I was not clear because i was angry. Symantec has conviently > removed all the exploits from the database. How can you trust someone who lies? > > > > http://online.securityfocus.com/bid > > > > Where are the exploits? Not like that is going to really stop any > script kiddies or hackers anyway. It just goes to shows you cant trust > symantec (something most of us knew anyway). > > > >Thanks for clarifying. Indeed you are correct. The "exploit" tab has been >entirely removed. Interestingly, at least some of the exploit files are >still there: >http://216.239.33.100/search?q=cache:9Fbx2EFZanAC:online.securityfocus.com/bid/1780/exploit/ >http://216.239.33.100/search?q=cache:Qjh1bVr7VFYC:online.securityfocus.com/bid/4485/exploit/ > >I wonder if the files bein! g left available is simply an oversight that >hasn't been addressed yet. I wonder if they were left available >intentionally because the commercial vulnerability database customers still >get access to the exploits, and possibly their version of the vulnerability >database entries still include the exploit section that links to those files. > >When I was working there, we would occasionally be accused of "selling >exploits". Other people's exploits, to be more specific. I never felt >that the accusation was accurate, because of the fact that the exploits >were made available to the public, and SecurityFocus was simply acting as >an archive. If they have removed them from public view, and are still >keeping them around for the paying customers, then perhaps that accusation >is now valid. > >Used to be that if an exploit writer didn't want their exploit saved for >posterity on securityfocus.com, they could ask, and it would be removed. ! I >guess now one will have no way of knowing if it's there or not. > >BB > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html > > > ><http://uk.yahoo.com/mail/tagline_xtra/?http://uk.docs.yahoo.com/mail_storage.html>With >Yahoo! Mail you can get a bigger mailbox -- choose a size that fits your needs -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030110/c9f4755b/attachment.html
Powered by blists - more mailing lists