| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200506161538.j5GFcLAB013054@turing-police.cc.vt.edu> Date: Thu Jun 16 16:38:29 2005 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Internet Explorer / Outlook / Microsoft Office private exploit request On Thu, 16 Jun 2005 10:37:55 +0200, metesi said: > If you have, or you think you could get within few weeks, a > undisclosed/unpublished vulnerability (that have to stay private) just > contact us. Even if the 0-day *is* used for "ethical pen-tests", you can't guarantee that the use of said exploit will be able to "have to stay private". There's always the chance that an alert sysadmin will spot the use of the 0-day and the ensuing investigation exposes it to the world. The only way to guarantee that it stays private is: 1) Don't use it. There's always the chance that it will be detected. 2) Don't give a copy to "trusted friends". There's always the chance that your trusted friend shouldn't have been trusted. 3) Don't tell anybody you have a 0-day. There's always the chance some black hat will use *his* 0-day to hack your box and steal yours. And even then, it's not 100% guaranteed.... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050616/04300eed/attachment.bin
Powered by blists - more mailing lists