[Full-Disclosure] THCIISSLame exploit

From: Feher Tamas (etomcat_at_freemail.hu)
Date: 04/22/04

  • Next message: Noam Rathaus: "Re: [Full-Disclosure] SSL IIS Remote Root"
    To: full-disclosure@lists.netsys.com
    Date: Thu, 22 Apr 2004 17:10:36 +0200 (CEST)


    >THC is a hacker group, not a cracker group.

    Publishing root exploit source code is free speech and is protected.

    Publishing the binary is VX-ing and is criminal. That is very clear.

    BTW, AV software only alert on binaries. AV firm research labs refuse to
    investigate malware in source code format, even if you send them a
    sample of a brand new one.

    To share knowledge with security researchers does not require
    releasing binary executables, professional testers can compile the
    source code for themselves. Avoid releasing binaries and you will not
    have problems with the authorities.

    Regards, Tamas Feher.

    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Noam Rathaus: "Re: [Full-Disclosure] SSL IIS Remote Root"