[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Law11-OE39mBgStIMNq00008c0a@hotmail.com>
From: se_cur_ity at hotmail.com (morning_wood)
Subject: No Subject (re: openssh exploit code?)
unfortunatly the windowz RPC exploit, without PoC
would have gone unheeded in patching had it not
been for a binary release of the exploit, and
that was one of the worst in history. now, despite
the millions of "owned" systems, this vulnerability
is nearly extinct. even i get PoC from friendz
that the author nor myself would release because
of the kiddi's, not because we want to exploit
and say "look at us were so l337" but that we
know how devestating that pre-made PoC
would be. if he ( Mitch ) dont wanna release
code, he dont have to, PERRIOD. i for one
do believe in full disclosure, but ultimatly the
release of PoC "k0d3z-n-w4r3z" lies with the author.
my2bits (1/4 of a byte )
Donnie Werner
CTO E2 Labs
http://e2-labs.com
morning_wood@...labs.com
try http://exploitlabs.com "we plug your holes"
Powered by blists - more mailing lists