Open Source and information security mailing list archives
 
Date: Sat, 29 Nov 2008 19:21:14 -0500
From: "j-f sentier" <j.sentiar@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Security industry software license

Oh well.
Let's reverse this: the problem is not Metasploit, because Metasploit is not
a 0-day finder.
Metasploit is developed for well-known vulnerabilities, and it's intended for
penetration purposes.
So if some lazy sys-admin doesn't patch their software, it's close to their
own fault if they get hijacked.
It's almost criminal, because they put our security (in a scenario where we're a
client on this network arch) totally in danger, for some money reasons.

Their work is also to make sure the env is safe, so if you act only as a
production mode, where money & contract drive the network arch design,
you're playing a game that will hurt one day or another, it's just about
time.

You talk about a possible danger about Metasploit, so as I said let's
reverse this: the danger is this sys-admin and corporation I was
mentioning.
See, with this attitude to say, "oh there's a tool which can hurt us, we
should ban this tool from the Internet" you only contribute to make a
dumber world than it is.
We need to solve the root problem, which is well known: people got
crash-landed on the internet, with the government help (I remember a period
where the gov was giving 500 $ to the family to get a computer and get on
the internet) and they don't fucking know about how, why, but they go!
And companies are doing the same, they see a threat in
Metasploit, nmap, Nessus, etc. but it isn't ...
none of them are a 0-day finder, and if there should be something treated as
potentially dangerous, it's themselves, and right after, the people
crash-landed on the internet.

So patch your fucking software, do some basic monitoring, and read
FD, milw0rm, secfocus as a daily task.

That's what the net is about, those are the rules; if you don't like this
game, then don't put your network on the internet and go to hell, don't blame
such software.
See Mr. Wallace, this is the kind of attitude that will blow any freedom on
the internet, and you contribute to this, as many others.
That's the facility solution, and it's a mirror of our society.


Cheers J-F


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
