lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: r00t3d at (r00t3d)
Subject: RE: Full-Disclosure: JEPG Hype or Hope?

Dear RandallM,

>This exploit (if it can becalled that) took a lot of thought to
create it and exploit it.

Yea, lots of thought, and ripped shellcode to boot! Can't beat that can ya?

>Correct me if I'm wrong but it does not fall in to the category
>of "exploit" as defined by this list.

Okay, you're wrong.

>This was truly a "created Exploit" 

Seriously? I didn't know exploits were "created" I always thought they
just appeared.

>This is nothing more then a black-hat attack. It is not a meaningful
>revealing of poor security as I've seen defined on this list.
Uh oh, are the blaqhats after us again?? I think we had all better
just pull our whitehats down over our heads and hope they go away. I
hear, if you don't move, the blaqhats won't notice you and will leave,
kind of like with bears. Anyways, last time I checked, it was't
blaqhats that disclosed exploits, it was whitehats and scene whores.


Powered by blists - more mailing lists