From: hughmann at (Hugh Mann)
Subject: THCIISSLame exploit

> >THC is a hacker group, not a cracker group.
>Publishing root exploit source code is free speech and is protected.

Some countries don't have free speech, in fact most countries don't have the 
same laws, so you should've said "free speech is protected in XYZ".

>Publishing the binary is VX-ing and is criminal. That is very clear.

Again, you assume this is illegal in every country. This is the Internet, 
there are no laws here. ;)

>To share knowledge with security researchers does not require
>releasing binary executables, professional testers can compile the
>source code for themselves.

Not everyone has a C/C++ compiler. Even if you do have a C/C++ compiler, you 
may have to port the code to your OS which takes time. If you also compile 
the exploit, everyone can test it. You assume a script kiddie can't compile 
an exploit and that the script kiddie can't use any of the exploits sent to 
this list if it's only in source form. Nice protection, but it doesn't work.

>Avoid releasing binaries and you will not have problems with the 

I assume you meant to say "Avoid releasing EXPLOIT binaries ..."
