| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: research at bugtraq.org (Bugtraq Security Systems) Subject: forgotten credit Dear Johnny, All of us at Bugtraq Security mourn your loss as a soldier for full disclosure. Your advances in cut and paste exploit development will be missed. Love, Team Bugtraq Security On Fri, 30 Apr 2004, johnny cyberpunk wrote: > hi all, > > first i have to apologize that i've forgotten to also credit juliano from > corest in my exploit. > i've now heard that he, next to halvar, was also involved while reversing > the SSL/PCT bug. > sorry, credits should always go to the people that had the most work with > it. > > in addition i wanna thank everyone who send a private mail, regarding my > decision not to release any further exploits, > but i think it's better not to publish exploitcode any further. i thought > long enough about it, > and came to the conclusion, that admins or pentesters have enough > possibilties to test their > environments if the servers are vulnerable or not. > > there are enough good tools out there to test if the vulnerabilities exist > or not. > > eg. core impact is a really good choice for every company who takes security > serious and wants > to check their servers for existing bugs. lots of very good and stable > information gathering tools and fresh exploits > are offered in this software. > > further developing stable exploits is a very time consuming thing and most > pentesters are not payed for writing > exploits, for possible vulns they find when auditing a company, coz in most > cases it would exceed the time a pentester has for the audits. > > hence software like impact is also very useful for pentesting companies. > > the good thing is, that it's much harder for script kiddies to get in touch > with powerful exploits like this one, > but admins and pentesters are still able to test for vulnerabilities. > > sure, there will be others who release exploits.that's for sure, but then > it's not me who has contributed code that > could result to mass owning or virus spreading. > > i'll still working on releasing some papers or handy tools in future, but no > more exploits will go to the public. > > please, accept my decision. > > with regards, > johnny cyberpunk/thc > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists