Re: [Full-Disclosure] no more public exploits
To: email@example.com Date: Wed, 28 Apr 2004 12:54:12 +0200
johnny cyberpunk wrote:
> this is an anouncement that i personally have no more intention to
> publish any further exploits to the public.
sad to read that. But it's your decision we have to accept, if we agree
or not, if we like it or not.
> too many flames from guys who are too lame to use the exploits or to
> fix offsets for other targets. too many risks that kiddies around the
> world use it for bad purposes.
I can understand the first, but not the second. In order to avoid
kiddies to use your code, just release source code that is a little bit
buggy - with some typos, for example. In contrast to pentesters, kiddies
are usually not able to find and correct bugs in a source code, so the
code will be useless for them.
> i saw, that the original intention, to publish exploits, for
> pentesting or patch verifing purposes didn't work.
IMHO your intention to publish exploits *does* work. But: There will
always be some people that use published exploits for, hmmm, let's say:
other purposes. Did you really think that would never happen with yours?
That's hard to believe.
> remember, that i speak just for me, not for the rest of the group.
I hope that others - not only in your group - will not follow your example.
Full-Disclosure - We believe in it.