Message-ID: <Pine.LNX.4.53.0404300605460.18750@symantec>
From: research at bugtraq.org (Bugtraq Security Systems)
Subject: forgotten credit
Dear Johnny,
All of us at Bugtraq Security mourn your loss as a soldier for full
disclosure. Your advances in cut and paste exploit development will
be missed.
Love,
Team Bugtraq Security
On Fri, 30 Apr 2004, johnny cyberpunk wrote:
> hi all,
>
> first i have to apologize that i've forgotten to also credit juliano from
> corest in my exploit.
> i've now heard that he, next to halvar, was also involved while reversing
> the SSL/PCT bug.
> sorry, credits should always go to the people that had the most work with
> it.
>
> in addition i wanna thank everyone who sent a private mail, regarding my
> decision not to release any further exploits,
> but i think it's better not to publish exploitcode any further. i thought
> long enough about it,
> and came to the conclusion, that admins or pentesters have enough
> possibilities to test their
> environments if the servers are vulnerable or not.
>
> there are enough good tools out there to test if the vulnerabilities exist
> or not.
>
> eg. core impact is a really good choice for every company who takes security
> seriously and wants
> to check their servers for existing bugs. lots of very good and stable
> information gathering tools and fresh exploits
> are offered in this software.
>
> further developing stable exploits is a very time consuming thing and most
> pentesters are not paid for writing
> exploits, for possible vulns they find when auditing a company, coz in most
> cases it would exceed the time a pentester has for the audits.
>
> hence software like impact is also very useful for pentesting companies.
>
> the good thing is, that it's much harder for script kiddies to get in touch
> with powerful exploits like this one,
> but admins and pentesters are still able to test for vulnerabilities.
>
> sure, there will be others who release exploits. that's for sure, but then
> it's not me who has contributed code that
> could result in mass owning or virus spreading.
>
> i'll still be working on releasing some papers or handy tools in future, but no
> more exploits will go to the public.
>
> please, accept my decision.
>
> with regards,
> johnny cyberpunk/thc
>