lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: purdy at tecman.com (Curt Purdy)
Subject: [inbox] RE: What's wrong with this picture?

Replugge wrote:

>  The fact that exploit code is made available after the patch
> is released,
> is probably because the researchers
> Made the vulnerability publicly available at same time as the
> patch was
> released, otherwise MS wouldnt give
> Credit to the researchers for the vuln.

Not only that, but I have always suspected the reason for the close
follow-up releasing exploits after patch release is because the value of the
0-day that had been used for whatever purposes the writer wanted was now
null.  At that point, her pride takes over and she releases her work for the
world to see.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ