| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: hellnbak at nmrc.org (hellNbak) Subject: Fwd: fuck symantec & boycott bugtraq What does having the exploit code attached to the vulnerability description do to prevent one from researching something? Are the advisories not enough to point you in the right direction? I don't see why everyone is freaking out over SF removing exploit code -- who cares. Get it elsewhere or make your own. The advisories are still there, the information is still there. Maybe we will get lucky and this will put a few consultants out of business -- wishful thinking.... On Sun, 12 Jan 2003, O.C.Rochford wrote: > Date: Sun, 12 Jan 2003 13:46:12 +0000 > From: O.C.Rochford <orochford@...t-sec.org> > To: full-disclosure@...ts.netsys.com > Subject: Re: [Full-Disclosure] Fwd: fuck symantec & boycott bugtraq > > hello > > that is quite frankly a lot of bollocks. > > fact is that you can't research everything yourself, the amount of > information is just too great, all this does is remove a place where > peoples own research can be speeded up without having to reinvent the > wheel, as well as sharing the findings of research. > > If you are saying you can audit the code of a whole OS yourself, than > you must be a code god, and all of these people who bitch about > "sciptkiddies" and the like just stealing other people's research > should only say so if they have never made use of these sources > themselves. > You have to start somewhere to learn, and you have to be able to pool > resources to share the load in auditing the amount of code and > programs available today. > > regards > O.C.Rochford > > > > Saturday, January 11, 2003, 10:00:08 PM, you wrote: > > r> -----BEGIN PGP SIGNED MESSAGE----- > > r> [Full-Disclosure] Fwd: fuck symantec & boycott bugtraq > > >>(snip) They went out of their way > >>to intentionally remove a feature from the public database. It's not > >>like they've decided it's too much work to keep maintaining or > >>something, they've got paying customers for the commercial version. > >>I can only imagine that this was a policy decision because Symantec > >>didn't want to be seen as hosting the exploits they are trying to > >>protect their customers against. Same reason they don't make > >>malicious code samples available to the public. > > r> Corporate ass-covering and profiteering at its worst. No great shock > r> there. > > r> Not that any of this matters, in the long run: the only people this is > r> going to impact in the slightest are script kiddies (the standard > r> variety, as well as hidebound ""professionals"" firmly attached to the > r> corporate teat) too stupid or lazy to research the information > r> themselves. The community will adapt, one way or another. Those left > r> behind will have only themselves to blame. > > > r> I say anything which speeds up the Darwinian course of events can only > r> be a good thing. Let's hear it for natural selection. > > r> Ratel. > > r> *** > > > r> "Americans used to roar like lions for liberty. Now we bleat > r> like sheep for security." - Norman Vincent Peale. > > > r> -----BEGIN PGP SIGNATURE----- > r> Version: MailVault 2.2 from Laissez Faire City http://www.mailvault.com > > r> iQA/AwUAPiCT0uYNtyh3zif9EQJSRwCfSrfi9LtzXPMa9mHKxso+BtGVMF4AoJDe > r> qq50xusT9pgg4K4OKm/ucoUK > r> =A4oR > r> -----END PGP SIGNATURE----- > > > > -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- "I don't intend to offend, I offend with my intent" hellNbak@...c.org http://www.nmrc.org/~hellnbak -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Powered by blists - more mailing lists