From: list at nolog.org (list@...og.org)
Subject: no more public exploits

Hello,

johnny cyberpunk wrote:
> this is an announcement that i personally have no more intention to 
> publish any further exploits to the public.

Sad to read that. But it's your decision we have to accept, if we agree 
or not, if we like it or not.

> too many flames from guys who are too lame to use the exploits or to 
> fix offsets for other targets. too many risks that kiddies around the
> world use it for bad purposes.

I can understand the first, but not the second. In order to keep
kiddies from using your code, just release source code that is a little bit 
buggy - with some typos, for example. In contrast to pentesters, kiddies 
are usually not able to find and correct bugs in a source code, so the 
code will be useless for them.

> i saw, that the original intention, to publish exploits, for 
> pentesting or patch verifying purposes didn't work. 

IMHO your intention to publish exploits *does* work. But: There will 
always be some people that use published exploits for, hmmm, let's say: 
other purposes. Did you really think that would never happen with yours? 
That's hard to believe.

> remember, that i speak just for me, not for the rest of the group.

I hope that others - not only in your group - will not follow your example.


GTi

