[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030110074350.78069.qmail@web10407.mail.yahoo.com>
From: woot_woot_root at yahoo.co.uk (Faulty)
Subject: Fwd: fuck symantec & boycott bugtraq
The links that you posted come from google's cache which it collects when it crawls webpages if you follow the links to the bugs they arent there.
http://online.securityfocus.com/bid/1780/exploit/
http://online.securityfocus.com/bid/4485/exploit/
Regards
Faulty
www.b0f.net
Blue Boar <BlueBoar@...evco.com> wrote:ohnonono@...hmail.com wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> I am sorry I was not clear because i was angry. Symantec has conviently removed all the exploits from the database. How can you trust someone who lies?
>
> http://online.securityfocus.com/bid
>
> Where are the exploits? Not like that is going to really stop any script kiddies or hackers anyway. It just goes to shows you cant trust symantec (something most of us knew anyway).
>
Thanks for clarifying. Indeed you are correct. The "exploit" tab has been
entirely removed. Interestingly, at least some of the exploit files are
still there:
http://216.239.33.100/search?q=cache:9Fbx2EFZanAC:online.securityfocus.com/bid/1780/exploit/
http://216.239.33.100/search?q=cache:Qjh1bVr7VFYC:online.securityfocus.com/bid/4485/exploit/
I wonder if the files being left available is simply an oversight that
hasn't been addressed yet. I wonder if they were left available
intentionally because the commercial vulnerability database customers still
get access to the exploits, and possibly their version of the vulnerability
database entries still include the exploit section that links to those files.
When I was working there, we would occasionally be accused of "selling
exploits". Other people's exploits, to be more specific. I never felt
that the accusation was accurate, because of the fact that the exploits
were made available to the public, and SecurityFocus was simply acting as
an archive. If they have removed them from public view, and are still
keeping them around for the paying customers, then perhaps that accusation
is now valid.
Used to be that if an exploit writer didn't want their exploit saved for
posterity on securityfocus.com, they could ask, and it would be removed. I
guess now one will have no way of knowing if it's there or not.
BB
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
---------------------------------
With Yahoo! Mail you can get a bigger mailbox -- choose a size that fits your needs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030110/3929f193/attachment.html
Powered by blists - more mailing lists