lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: johncybpk at gmx.net (johnny cyberpunk)
Subject: forgotten credit

hi all,

first i have to apologize that i've forgotten to also credit juliano from
corest in my exploit.
i've now heard that he, next to halvar, was also involved while reversing
the SSL/PCT bug.
sorry, credits should always go to the people that had the most work with
it.

in addition i wanna thank everyone who send a private mail, regarding my
decision not to release any further exploits,
but i think it's better not to publish exploitcode any further. i thought
long enough about it,
and came to the conclusion, that admins or pentesters have enough
possibilties to test their
environments if the servers are vulnerable or not.

there are enough good tools out there to test if the vulnerabilities exist
or not.

eg. core impact is a really good choice for every company who takes security
serious and wants
to check their servers for existing bugs. lots of very good and stable
information gathering tools and fresh exploits
are offered in this software.

further developing stable exploits is a very time consuming thing and most
pentesters are not payed for writing
exploits, for possible vulns they find when auditing a company, coz in most
cases it would exceed the time a pentester has for the audits.

hence software like impact is also very useful for pentesting companies.

the good thing is, that it's much harder for script kiddies to get in touch
with powerful exploits like this one,
but admins and pentesters are still able to test for vulnerabilities.

sure, there will be others who release exploits.that's for sure, but then
it's not me who has contributed code that
could result to mass owning or virus spreading.

i'll still working on releasing some papers or handy tools in future, but no
more exploits will go to the public.

please, accept my decision.

with regards,
johnny cyberpunk/thc


Powered by blists - more mailing lists