Open Source and information security mailing list archives
 
Date: Sun May  8 09:14:40 2005
From: jasonc at science.org (Jason Coombs)
Subject: Firefox Remote Compromise Leaked

tuytumadre@....net wrote:
> So apparently, the secret is out. I wish that this could have been used 
> for good purposes but I guess that just isn't possible these days...

What 'good purposes' did you have in mind?

What higher purpose is there above full disclosure with a proof of 
concept? Disclosure spreads awareness, and awareness allows defense.

The secret is no longer a secret, and it didn't remain one as long as 
you had hoped it would. This reduces the chances that the secret will be 
exploited against people who aren't aware that there is a secret. 
Nothing at all would have been gained by delaying disclosure, other than 
to give attackers a bigger window of opportunity to mount successful 
attacks and design new exploits that will launch successfully against a 
completely unprepared computing public.

Your belief that you could keep a secret, or that you have any right to 
keep such a secret even if you could, is moronic and it's wrong-headed.

Sincerely,

Jason Coombs
jasonc@...ence.org
