[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F23BFC0.9000308@guninski.com>
From: guninski at guninski.com (Georgi Guninski)
Subject: DCOM RPC exploit (dcom.c)
Chris Paget wrote:
> Personally, I'm tempted to set up my firewall to NAT incoming requests on port
> 135 to either www.metasploit.com or www.xfocus.org. I know this is the
> full-disclosure list, but working exploit code for an issue this huge is taking
> it a bit far, especially less than 2 weeks after the advisory comes out.
>
IMHO releasing the exploit is ethical and legal.
The root of the problem is m$, they should take responsibility for the worms.
IIRC the m$ EULA states something like "the product is not fit for any purpose".
So the exploit is consistent with the m$ EULA, I can't understand why you whine.
btw, Terry Pratchett has very good writings on IT EULA's and practices - check
"Good Omens" and a disc world book mentioning a disorganizer.
georgi
Powered by blists - more mailing lists