lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <00fe01c2c7f6$0b8c1fd0$0400a8c0@GIS>
From: security at updegrove.net (Rick Updegrove (security))
Subject: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release

----- Original Message -----
From: "Richard M. Smith" <rms@...puterbytesman.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Wednesday, January 29, 2003 1:24 PM
Subject: RE: [Full-Disclosure] [Secure Network Operations, Inc.] Full
Disclosure != Exploit Release

> >>> One problem with anyone making private exploits is that
>  >>> they always seem to get leaked, no matter who it is.
>
> I've written at least a dozen proof-of-concept examples for security
> holes.  I've given these examples to vendors and shared them with
> friends and other security researchers.  I'm not aware of any of them
> being made public.  In addition, I serious doubt that any of the
> examples are of much use to anyone except to the vendor who messed up in
> the first place.

Says you.

The problem with that statement of course is that you have no way to prove
it.  So, why even make such a claim?

My opinion:

Making an exclusive club for who gets exploit code is very much
like writing the bible in Latin when only priests read and write Latin.
Sooner or later the people will figure out that the priests are just a bunch
of lazy cowards who don't want to get a real job.  In the end you will not
stop exploit code from getting into the wrong hands period.  Face it, there
is nothing you can do to prevent this from happening.

P.S.  Why do you even subscribe to the full-disclosure list when you are
obviously against full-disclosure?


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ