lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
From: BlueBoar at thievco.com (Blue Boar)
Subject: Fwd: fuck symantec & boycott bugtraq

Brian McWilliams wrote:
> Like folks said earlier, the "Exploit" tab is missing, but that doesn't 
> mean the exploit is gone. You just have to dig, starting with the stuff 
> in the "Credit" tab, to find the SF mailing list message that spawned 
> the BID in the first place.
> 
> E.g., the BID 1780 exploit is in the original Bugtraq message from NSFOCUS
> 
> http://online.securityfocus.com/archive/1/139490/2003-01-07/2003-01-13/2

Go to this page:
http://216.239.33.100/search?q=cache:9Fbx2EFZanAC:online.securityfocus.com/bid/1780/exploit/
Scroll to the bottom, notice there are two other exploits:
http://online.securityfocus.com/data/vulnerabilities/exploits/sharehack2.zip
http://online.securityfocus.com/data/vulnerabilities/exploits/netbios.tar.gz

Take "sharehack2", for example.  Google shows exactly one other site on the 
Web that has a copy, and only because it shows up in their download stats. 
  It doesn't seem to be on PacketStorm, at least not by that name.

The other exploit seems to be slightly more widely available, but not much.

I don't really think that whether you can find it elsewhere or not is the 
point.  I believe the point is that you've got 2 additional exploits that 
were created outside of the main discussion of the issue on Bugtraq, and 
I'm guessing that at least one of them was submitted by the author directly 
to SF to that it would be placed on the exploit section for that vuln.  If 
someone were looking at BID 1780 on the site now, how would they even know 
to go looking for those missing exploits?

> No conspiracy here ... just laziness by SF/Symantec. It's inconvenient, 
> but there's always Packetstorm if you're in a hurry.

I'm not sure how this qualifies as "laziness".  They went out of their way 
to intentionally remove a feature from the public database.  It's not like 
they've decided it's too much work to keep maintaining or something, 
they've got paying customers for the commercial version.  I can only 
imagine that this was a policy decision because Symantec didn't want to be 
seen as hosting the exploits they are trying to protect their customers 
against.  Same reason they don't make malicious code samples available to 
the public.

						BB

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux