| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200307271731.h6RHVKr9019557@haackey.com> From: neeko at haackey.com (Neeko Oni) Subject: DCOM RPC exploit (dcom.c) (I originally quoted parts of the original message here, but I decided to make a generic, reusable summary incase more PaidtoPlay admins come out.) Joe Admin of Faceless Corp wrote: >blah, blah, blah ... can't be expected to secure our machines ... blah ... >willing to sacrifice the routers of the world when we get infected ... >blah ... blah ... you just don't understand business ... blah ... blah ... >need time for porn and CS ... blah ... blah ... blah ... $$$ ... $$$ ... >... lots of servers ... too lazy to patch ... shouldn't be expected to ... >$$$ ... $$$ ... > >AND THEN ... >[buzzword] ... $$$ ... $$$ ... $$$ ... [buzzword] When someone makes a hole public, consider it exploited. When the exploit goes public it just means people like Chris can make a dollar off it, and your would-be attackers will be clueless hordes instead of refined attackers. Very little actually changes between advisory release and exploit release; it's just enough to make you guys put away the games and work for a bit, and boo-hoo for you. It's amazing how defensive you guys get when your CS&Porn paychecks are threatened; don't worry! I doubt your managers read F-D/etc. :) .Neek
Powered by blists - more mailing lists