RE: [Full-Disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release
From: Richard M. Smith (rms@computerbytesman.com)
Date: 01/29/03
- Previous message: Blue Boar: "Re: [Full-Disclosure] Re: Full Disclosure != Exploit Release"
- In reply to: Blue Boar: "Re: RE : [Full-Disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release"
- Next in thread: Day Jay: "RE: [Full-Disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release"
- Reply: Day Jay: "RE: [Full-Disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release"
- Reply: Blue Boar: "Re: [Full-Disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release"
- Reply: Rick Updegrove (security): "Re: [Full-Disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Richard M. Smith" <rms@computerbytesman.com> To: <full-disclosure@lists.netsys.com> Date: Wed, 29 Jan 2003 16:24:36 -0500
>>> One problem with anyone making private exploits is that
>>> they always seem to get leaked, no matter who it is.
I've written at least a dozen proof-of-concept examples for security
holes. I've given these examples to vendors and shared them with
friends and other security researchers. I'm not aware of any of them
being made public. In addition, I serious doubt that any of the
examples are of much use to anyone except to the vendor who messed up in
the first place.
Vendors probably find the bulk of security holes and I seriously doubt
many of these problems have proof-of-concept code published for them.
OTOH we know that public proof-of-concept examples are going to get into
the wrong hands.
Richard
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Next message: Day Jay: "RE: [Full-Disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release"
- Previous message: Blue Boar: "Re: [Full-Disclosure] Re: Full Disclosure != Exploit Release"
- In reply to: Blue Boar: "Re: RE : [Full-Disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release"
- Next in thread: Day Jay: "RE: [Full-Disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release"
- Reply: Day Jay: "RE: [Full-Disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release"
- Reply: Blue Boar: "Re: [Full-Disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release"
- Reply: Rick Updegrove (security): "Re: [Full-Disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
