lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <107A63CDD8FCD511BA9F0050BAB07BA82DE52C@NHEX1101>
From: arjen.de.landgraaf at cologic.co.nz (Arjen De Landgraaf)
Subject: openssl exploit code

Erik,

Thank you for your feedback. It is appreciated.

The free database  initiative was taken to contribute to
the 5 or so million IT workers in the world who can't afford the time
to spend 4 hours per day on email lists, trying to flush out
the 1 or 2% that is relevant to them, because their
bosses have more "urgent" things to do for them.

The update is a purely logistical issue.
We felt that one week was sufficient - we may reconsider  this.
We felt is was relevant for 20 mailing lists because the database
covers every subject.

Arjen







Subject: RE: [Full-Disclosure] openssl exploit code

You guys spam a lot too. How did you figure this was relevant for 20 mailing
lists?

Your free database is crap, you hold posts until the "weekly" update, and
try
and profit off of peoples free work, but sending out "alerts". (They could
just subscribe to vulnwatch and bugtraq, and save them self $3000+ a year).

You don't give full access to your database dumps, and I don't see any legal
licensing information.

You and packetstorm both have a nice reputation of being pro-spam now. (PSS
incident was a couple of years ago as Im sure most recall).

Marketing a 'free' database would be a good idea, if it were free.

Get an original idea, and try to profit off of that.

---
Erik Parker
---



> Arjen De Landgraaf (arjen.de.landgraaf@...ogic.co.nz) composed today:

> Well, let's see what happens with this post :)
>
> We have taken the initiative to place a completely free,
> very extensive and complete ICT security vulnerability
> database on the web, for the IT security world to
> use as a possible resource.
>
> www.e-secure-db
>
> E-Secure-DB is the result of a full-time team 24 x 7
> over the last  two years.   Each of the items entered
> in the DB over that time has  been checked by at
> least one person.  No automated posting,
> although we do have most of the  harvesting automated.
>
> No news items like "Man Hacked to Death in Papua
> New Guinea" here, only relevant IT security stuff (well, we think).
>
> Over 60,000 items, with between 50-100 added daily.
> The database is organised in a tree structure, with
> around 2500 folders on almost any subject, including
> product vulns, viruses, news, information etc. No empty folders:)
>
> Updates - last batch update 16 Sept 03.00 New Zealand
> time (GMT +12).
>
> For instance: Info on Slapper / SSL worm in the
> SSL/OpenSSL folder:
>
> http://www.e-secure-db.us/dscgi/ds.py/View/Collection-348
>
> If anyone on this list finds any dead links, or anything
> else we can improve or change in  www.e-secure-db.us
> to make it work better for you, let us know.
>
> mail to: quality@...ecure-it.co.nz
>
> Feedback really appreciated.
>
> Arjen
> CSL
> Auckland
> New Zealand
>
>
>
>
>
>
>
>
>
> -----Original Message-----
> From: core@...eoa.com [mailto:core@...eoa.com]
> Sent: Tuesday, 17 September 2002 10:55 a.m.
> To: Dave Ahmad; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] openssl exploit code
>
>
> Solar, Dave, hellNbak, all,
>
> On Mon, Sep 16, 2002 at 04:08:54PM -0500, Solar Eclipse wrote:
> > On Mon, Sep 16, 2002 at 02:16:05PM -0600, Dave Ahmad wrote:
> > > An exploit code that lists you as the author has been posted to
Bugtraq.
> > > I would like to request your permission before approving it for
> > > distribution on the list.
>
> That's interesting as a bugtraq moderator approved a post of
> an exploit of mine without asking for consent. Namely
> RaQFuCK.sh. What's worse? I attempted to reply to the person who
> posted my exploit and discuss that I had only sent the exploit to
> full-disclosure but this little piece of information was conveniently
> withheld from bugtraq subscribers. Comments?
>
> peace,
> core
>
> --
>   Charles Stevenson (core) <core@...eoa.com>
>   Lab Assistant, College of Eastern Utah San Juan Campus
>   http://www.bokeoa.com/~core/core.asc
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ