lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Law11-OE39mBgStIMNq00008c0a@hotmail.com>
From: se_cur_ity at hotmail.com (morning_wood)
Subject: No Subject (re: openssh exploit code?)

 unfortunatly the windowz RPC exploit, without PoC
would have gone unheeded in patching had it not
been for a binary release of the exploit, and
that was one of the worst in history. now, despite
the millions of "owned" systems, this vulnerability
is nearly extinct. even i get PoC from friendz
that the author nor myself would release because
of the kiddi's, not because we want to exploit
and say "look at us were so l337" but that we
know how devestating that pre-made PoC
would be. if he ( Mitch ) dont wanna release 
code, he dont have to, PERRIOD. i for one
do believe in full disclosure, but ultimatly the
release of PoC "k0d3z-n-w4r3z" lies with the author.

my2bits (1/4 of a byte )

Donnie Werner
CTO E2 Labs
http://e2-labs.com 
morning_wood@...labs.com

try http://exploitlabs.com "we plug your holes"


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ