lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <200301292213.h0TMDbBK020780@mailserver4.hushmail.com>
From: backed.up.by.2048.bit.encryption at hushmail.com (backed.up.by.2048.bit.encryption@...hmail.com)
Subject: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release

-----BEGIN PGP SIGNED MESSAGE-----

Probably because none of them were terrible important or interesting. Didn't they all revolve around "web bugs" or "cookies" and "supercookies" and the like? Essentially "stupid pet tricks"?

Hardly enough to give a script kiddy an erection?

Definitely not in the same league as Georgi Guninski's findings and absolutely not in David Litchfield's.

- ----- Original Message -----
From: Richard M. Smith

>>> One problem with anyone making private exploits is that
 >>> they always seem to get leaked, no matter who it is.

I've written at least a dozen proof-of-concept examples for security
holes.  I've given these examples to vendors and shared them with
friends and other security researchers.  I'm not aware of any of them
being made public.  In addition, I serious doubt that any of the
examples are of much use to anyone except to the vendor who messed up in
the first place.

Vendors probably find the bulk of security holes and I seriously doubt
many of these problems have proof-of-concept code published for them.

OTOH we know that public proof-of-concept examples are going to get into
the wrong hands.

Richard
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wnUEARECADUFAj44UZcuHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
c2htYWlsLmNvbQAKCRDEHQGvBp4eRHrmAJkB+xIhEUWPfNXVbYEqAQNBHgA1dQCfRKdh
tkxti9byVRWQemicBGq8X+c=
=VHyZ
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ