Message-ID: <3E1EEE2C.1070207@thievco.com>
From: BlueBoar at thievco.com (Blue Boar)
Subject: Fwd: fuck symantec & boycott bugtraq
Brian McWilliams wrote:
> Like folks said earlier, the "Exploit" tab is missing, but that doesn't
> mean the exploit is gone. You just have to dig, starting with the stuff
> in the "Credit" tab, to find the SF mailing list message that spawned
> the BID in the first place.
>
> E.g., the BID 1780 exploit is in the original Bugtraq message from NSFOCUS
>
> http://online.securityfocus.com/archive/1/139490/2003-01-07/2003-01-13/2
Go to this page:
http://216.239.33.100/search?q=cache:9Fbx2EFZanAC:online.securityfocus.com/bid/1780/exploit/
Scroll to the bottom, notice there are two other exploits:
http://online.securityfocus.com/data/vulnerabilities/exploits/sharehack2.zip
http://online.securityfocus.com/data/vulnerabilities/exploits/netbios.tar.gz
Take "sharehack2", for example. Google shows exactly one other site on the
Web that has a copy, and only because it shows up in their download stats.
It doesn't seem to be on PacketStorm, at least not by that name.
The other exploit seems to be slightly more widely available, but not much.
I don't really think that whether you can find it elsewhere or not is the
point. I believe the point is that you've got 2 additional exploits that
were created outside of the main discussion of the issue on Bugtraq, and
I'm guessing that at least one of them was submitted by the author directly
to SF so that it would be placed on the exploit section for that vuln. If
someone were looking at BID 1780 on the site now, how would they even know
to go looking for those missing exploits?
> No conspiracy here ... just laziness by SF/Symantec. It's inconvenient,
> but there's always Packetstorm if you're in a hurry.
I'm not sure how this qualifies as "laziness". They went out of their way
to intentionally remove a feature from the public database. It's not like
they've decided it's too much work to keep maintaining or something,
they've got paying customers for the commercial version. I can only
imagine that this was a policy decision because Symantec didn't want to be
seen as hosting the exploits they are trying to protect their customers
against. Same reason they don't make malicious code samples available to
the public.
BB