Message-ID: <20030120234728.8965.qmail@web14712.mail.yahoo.com>
From: anoncoder at yahoo.com (Jack Ahz)
Subject: CVS REMOTE VULNERABILITY + STEFAN ESSER : UNSCRUPULOUS
It comes to our attention that certain 'security professionals' abuse their
knowledge of certain vulnerabilities or software - whether through the auditing
of proprietary source trees that ISS does, or by faking GDB output....
But perhaps the greatest abuse is generated by the most unethical whitehat
known as 'Stefan Esser.'
What is worse than somebody who preys on the findings and hard work of others
and passes it off as his own?
This is something that Stefan Esser has done consistently, releasing
moderately high-profile vulnerabilities that other people have discovered, for
which he claims credit.
What are the chances that several talented individuals find some good remote
bugs, and start exploiting them in the wild (or the source code leaks), and
immediately afterwards, Stefan Esser has located the vulnerable code, written
an exploit for it, and published an advisory?
Example: We all remember the remote php mime bug found by teso... leaked to irc
and then shortly later published by Esser.
Next we have the mysql locals, and now the cvs remote... all of which were
found by the same person, then shortly afterwards conveniently "found" by
e-matters security, researched, and published.
Refuse to acknowledge/support whitehat criminals who siphon off the
intellectual property of others and attempt to capitalize on it.
If people are going to act like jackasses, and publish bugs/exploits, then they
should at least find their own. Nobody likes e-matters/lcamtuf/netcat.it style
advisories, and these people will be promptly tossed into the whitehat oven and
incinerated in the future.
Oo~-* Good day *-~oO