lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: skylazart at core.cx (Felipe Cerqueira - skylazart)
Subject: no more public exploits

I Agree!!!!

And, if you want check service packs or patchs, all you need is try to
crash it...

Security companies are getting too much money with our "toys".



> Heres my two cents :-/
>
> Exploit code is better kept private.
> Advisories should be public.
>
> Why?
>
> Because exploit code is not easy to write depending on the bug. And I
> for one sure dont want some 'penetration tester' taking my code and
> plugging it into his automated scanner and collecting the cash. Im far
> to greedy to watch that happen. Sorry.
>
> NON-Disclosure of Exploit code.
> Full-Disclosure of Advisories.
>
> As far as the discussion of sysadmins patching on time or not. All I
> will say is this . . .  if they did patch on time there wouldnt be a
> www.zone-h.org.
>
> - borg (ChrisR-)
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>


- skylazart [at] core.cx


Powered by blists - more mailing lists