lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1043786260.4467.2.camel@localhost.localdomain>
From: simon at snosoft.com (ATD)
Subject: [Secure Network Operations, Inc.] Full
	Disclosure != Exploit Release

"Day Jay",
	I'd like to thank you for further enforcing my point.


On Tue, 2003-01-28 at 14:53, Day Jay wrote:
> Yo, you gotta just respect eeye or die. 
> Know what I'm sayin', they don't lie.
> A well written advisoriy can be shy, yo the exploit
> is tight like chai. Fuck with eeye and you die. Don't
> say script kid wrote it, you are making me cry.
> 
> You don't see it comin' you are already infected,
> injected and soon they will be resurrected. In your
> face, you suck whitehat dick with grace and must be
> rejected. By people who will never repect you. So shut
> up, sit down, take it like a man, they are about to
> clown. Don't frown, brown is about to make his way
> down to your gay ass town. Running around, they found
> a way to make everyone's shit crash and go away.
> 
> This was already known, an exploit was already being
> used, someone automated it using some advanced
> shellcode shoes. Leaving you bruised, this looks like
> a proof of concept virus for your ass, so stop
> drinking boos.
> 
> Shit's unreleased haven't you heard the news, phychos
> and biotches are soon to be amused. Shut the front
> door, be quiet and wait to be analally used.
> 
> Just wait until someone makes a proof of concept
> internet bringer downer and see what happens you hate
> monger.
> 
> Don't be stupid and don't be a snitch, E to the
> motherfuckin' Eye bitch!
> 
> 
> 
> --- Nicolas Villatte <Nicolas.Villatte@...alvas.be>
> wrote:
> > I am sorry but people who made this virus does not
> > appear as script
> > kiddies to me. Do you prefer to be aware of the
> > exploit like the ones
> > that will use it after some modifications or do you
> > prefer only some
> > "elite" is able to harm the systems?
> > 
> > Personally, I prefer to die seeing my enemy than
> > being stabbed.
> > 
> > 
> > -----Message d'origine-----
> > De : full-disclosure-admin@...ts.netsys.com
> > [mailto:full-disclosure-admin@...ts.netsys.com] De
> > la part de Strategic
> > Reconnaissance Team
> > Envoy? : lundi 27 janvier 2003 3:19
> >  : full-disclosure@...ts.netsys.com
> > Objet : [Full-Disclosure] [Secure Network
> > Operations, Inc.] Full
> > Disclosure != Exploit Release
> > 
> > All, 
> > 
> > I have been following the subject of full disclosure
> > for a while, and as
> > most of you know, have dealt with some of the issues
> > that full
> > disclosure can cause (HP/Secure Network
> > Operations/DMCA).  While the
> > idea of full disclosure is a good idea, and while we
> > support it, we feel
> > that the exploit source code should not be released
> > to everyone.
> > 
> > It is possible to prove a vulnerability exists by
> > releasing well written
> > advisories.  Because of this fact, proof of concept
> > code (exploit
> > source) is not a requirement for the education of
> > the possibly
> > vulnerable. Releasing non-malicious exploit code is
> > also not an option
> > as any local script bunny/kiddie can easily render
> > it functional.
> > 
> > Proof of concept code is useful for legitimate
> > contract based
> > penetration tests. It is also useful for study as it
> > demonstrates
> > fundamental flaws computers today (not built in
> > security). But again,
> > proof of concept code is not for everyone.
> > 
> > I am interested in hearing the opinions of the
> > people on this list. If
> > you are for exploit source disclosure, I would like
> > to hear arguments
> > supported by facts, that explain why.  I am equally
> > interested in
> > reasons why not to disclose information. 
> > 
> > With that said, Secure Network Operations, Inc. will
> > no longer be
> > releasing functional proof of concept code. We may
> > release sufficiently
> > detailed advisories. 
> > 
> > 	
> > -- 
> > Sincerely, 
> > 	Adriel T. Desautels
> > 	Secure Network Operations, Inc. (SNOsoft)
> > 	phone: (978) 263-3829  | http://www.snosoft.com
> > 
> >
> --------------------------------------------------------------
> > 
> >
> http://www.snosoft.com/documents/SNOsoft-corporate-outline.pdf
> > 	BEDD 0FAD 4CE2 6399 551F  86F5 B036 A540 D47C EC101
> > 	
> > 	
> > 
> 
> > ATTACHMENT part 2 application/x-pkcs7-signature
> name=smime.p7s
> 
> 
> 
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
-- 
ATD <simon@...soft.com>
Secure Network Operations, Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030128/beb1d8a7/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ