[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1043786260.4467.2.camel@localhost.localdomain>
From: simon at snosoft.com (ATD)
Subject: [Secure Network Operations, Inc.] Full
Disclosure != Exploit Release
"Day Jay",
I'd like to thank you for further enforcing my point.
On Tue, 2003-01-28 at 14:53, Day Jay wrote:
> Yo, you gotta just respect eeye or die.
> Know what I'm sayin', they don't lie.
> A well written advisoriy can be shy, yo the exploit
> is tight like chai. Fuck with eeye and you die. Don't
> say script kid wrote it, you are making me cry.
>
> You don't see it comin' you are already infected,
> injected and soon they will be resurrected. In your
> face, you suck whitehat dick with grace and must be
> rejected. By people who will never repect you. So shut
> up, sit down, take it like a man, they are about to
> clown. Don't frown, brown is about to make his way
> down to your gay ass town. Running around, they found
> a way to make everyone's shit crash and go away.
>
> This was already known, an exploit was already being
> used, someone automated it using some advanced
> shellcode shoes. Leaving you bruised, this looks like
> a proof of concept virus for your ass, so stop
> drinking boos.
>
> Shit's unreleased haven't you heard the news, phychos
> and biotches are soon to be amused. Shut the front
> door, be quiet and wait to be analally used.
>
> Just wait until someone makes a proof of concept
> internet bringer downer and see what happens you hate
> monger.
>
> Don't be stupid and don't be a snitch, E to the
> motherfuckin' Eye bitch!
>
>
>
> --- Nicolas Villatte <Nicolas.Villatte@...alvas.be>
> wrote:
> > I am sorry but people who made this virus does not
> > appear as script
> > kiddies to me. Do you prefer to be aware of the
> > exploit like the ones
> > that will use it after some modifications or do you
> > prefer only some
> > "elite" is able to harm the systems?
> >
> > Personally, I prefer to die seeing my enemy than
> > being stabbed.
> >
> >
> > -----Message d'origine-----
> > De : full-disclosure-admin@...ts.netsys.com
> > [mailto:full-disclosure-admin@...ts.netsys.com] De
> > la part de Strategic
> > Reconnaissance Team
> > Envoy? : lundi 27 janvier 2003 3:19
> > : full-disclosure@...ts.netsys.com
> > Objet : [Full-Disclosure] [Secure Network
> > Operations, Inc.] Full
> > Disclosure != Exploit Release
> >
> > All,
> >
> > I have been following the subject of full disclosure
> > for a while, and as
> > most of you know, have dealt with some of the issues
> > that full
> > disclosure can cause (HP/Secure Network
> > Operations/DMCA). While the
> > idea of full disclosure is a good idea, and while we
> > support it, we feel
> > that the exploit source code should not be released
> > to everyone.
> >
> > It is possible to prove a vulnerability exists by
> > releasing well written
> > advisories. Because of this fact, proof of concept
> > code (exploit
> > source) is not a requirement for the education of
> > the possibly
> > vulnerable. Releasing non-malicious exploit code is
> > also not an option
> > as any local script bunny/kiddie can easily render
> > it functional.
> >
> > Proof of concept code is useful for legitimate
> > contract based
> > penetration tests. It is also useful for study as it
> > demonstrates
> > fundamental flaws computers today (not built in
> > security). But again,
> > proof of concept code is not for everyone.
> >
> > I am interested in hearing the opinions of the
> > people on this list. If
> > you are for exploit source disclosure, I would like
> > to hear arguments
> > supported by facts, that explain why. I am equally
> > interested in
> > reasons why not to disclose information.
> >
> > With that said, Secure Network Operations, Inc. will
> > no longer be
> > releasing functional proof of concept code. We may
> > release sufficiently
> > detailed advisories.
> >
> >
> > --
> > Sincerely,
> > Adriel T. Desautels
> > Secure Network Operations, Inc. (SNOsoft)
> > phone: (978) 263-3829 | http://www.snosoft.com
> >
> >
> --------------------------------------------------------------
> >
> >
> http://www.snosoft.com/documents/SNOsoft-corporate-outline.pdf
> > BEDD 0FAD 4CE2 6399 551F 86F5 B036 A540 D47C EC101
> >
> >
> >
>
> > ATTACHMENT part 2 application/x-pkcs7-signature
> name=smime.p7s
>
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
ATD <simon@...soft.com>
Secure Network Operations, Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030128/beb1d8a7/attachment.bin
Powered by blists - more mailing lists