lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: research at bugtraq.org (Bugtraq Security Systems)
Subject: forgotten credit

Dear Johnny,

All of us at Bugtraq Security mourn your loss as a soldier for full
disclosure. Your advances in cut and paste exploit development will
be missed.

Love,
Team Bugtraq Security

On Fri, 30 Apr 2004, johnny cyberpunk wrote:

> hi all,
>
> first i have to apologize that i've forgotten to also credit juliano from
> corest in my exploit.
> i've now heard that he, next to halvar, was also involved while reversing
> the SSL/PCT bug.
> sorry, credits should always go to the people that had the most work with
> it.
>
> in addition i wanna thank everyone who send a private mail, regarding my
> decision not to release any further exploits,
> but i think it's better not to publish exploitcode any further. i thought
> long enough about it,
> and came to the conclusion, that admins or pentesters have enough
> possibilties to test their
> environments if the servers are vulnerable or not.
>
> there are enough good tools out there to test if the vulnerabilities exist
> or not.
>
> eg. core impact is a really good choice for every company who takes security
> serious and wants
> to check their servers for existing bugs. lots of very good and stable
> information gathering tools and fresh exploits
> are offered in this software.
>
> further developing stable exploits is a very time consuming thing and most
> pentesters are not payed for writing
> exploits, for possible vulns they find when auditing a company, coz in most
> cases it would exceed the time a pentester has for the audits.
>
> hence software like impact is also very useful for pentesting companies.
>
> the good thing is, that it's much harder for script kiddies to get in touch
> with powerful exploits like this one,
> but admins and pentesters are still able to test for vulnerabilities.
>
> sure, there will be others who release exploits.that's for sure, but then
> it's not me who has contributed code that
> could result to mass owning or virus spreading.
>
> i'll still working on releasing some papers or handy tools in future, but no
> more exploits will go to the public.
>
> please, accept my decision.
>
> with regards,
> johnny cyberpunk/thc
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>


Powered by blists - more mailing lists