| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: list at nolog.org (list@...og.org) Subject: no more public exploits Hello, johnny cyberpunk wrote: > this is an anouncement that i personally have no more intention to > publish any further exploits to the public. sad to read that. But it's your decision we have to accept, if we agree or not, if we like it or not. > too many flames from guys who are too lame to use the exploits or to > fix offsets for other targets. too many risks that kiddies around the > world use it for bad purposes. I can understand the first, but not the second. In order to avoid kiddies to use your code, just release source code that is a little bit buggy - with some typos, for example. In contrast to pentesters, kiddies are usually not able to find and correct bugs in a source code, so the code will be useless for them. > i saw, that the original intention, to publish exploits, for > pentesting or patch verifing purposes didn't work. IMHO your intention to publish exploits *does* work. But: There will always be some people that use published exploits for, hmmm, let's say: other purposes. Did you really think that would never happen with yours? That's hard to believe. > remember, that i speak just for me, not for the rest of the group. I hope that others - not only in your group - will not follow your example. GTi
Powered by blists - more mailing lists