lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1f198c3050630123735493fac@mail.gmail.com>
Date: Thu Jun 30 20:37:54 2005
From: kenneth.d.ng at gmail.com (Kenneth Ng)
Subject: Publishing exploit code - what is it good for

I have had administrators refuse to patch systems until I could prove
that I could break in using an exploit right in front of them.  I've
been told that they need to balance my theoritical risk against their
actual outlay of resources (yet, for some reason, they bet the
lottery).

On 6/30/05, Jason Coombs <jasonc@...ence.org> wrote:
> > What I need is a security administrator, CSO, IT manager or sys admin
> > that can explain why they find public exploits are good for THEIR
> > organizations. Maybe we can start changing public opinion with regards
> > to full disclosure, and hopefully start with this opinion leader.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ