Re: [Full-Disclosure] no more public exploits

• Previous message: xavier.poli_at_infratech.fr: "RE: [Full-Disclosure] no more public exploits"
• In reply to: chris: "Re: [Full-Disclosure] no more public exploits"
• Next in thread: gcb33_at_dial.pipex.com: "Re: [Full-Disclosure] no more public exploits"
• Reply: gcb33_at_dial.pipex.com: "Re: [Full-Disclosure] no more public exploits"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "chris" <chris@cr-secure.net>
Date: Wed, 28 Apr 2004 09:33:33 -0300 (BRT)

I Agree!!!!

And, if you want check service packs or patchs, all you need is try to
crash it...

Security companies are getting too much money with our "toys".

> Heres my two cents :-/
>
> Exploit code is better kept private.
> Advisories should be public.
>
> Why?
>
> Because exploit code is not easy to write depending on the bug. And I
> for one sure dont want some 'penetration tester' taking my code and
> plugging it into his automated scanner and collecting the cash. Im far
> to greedy to watch that happen. Sorry.
>
> NON-Disclosure of Exploit code.
> Full-Disclosure of Advisories.
>
> As far as the discussion of sysadmins patching on time or not. All I
> will say is this . . . if they did patch on time there wouldnt be a
> www.zone-h.org.
>
> - borg (ChrisR-)
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

- skylazart [at] core.cx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: xavier.poli_at_infratech.fr: "RE: [Full-Disclosure] no more public exploits"
• In reply to: chris: "Re: [Full-Disclosure] no more public exploits"
• Next in thread: gcb33_at_dial.pipex.com: "Re: [Full-Disclosure] no more public exploits"
• Reply: gcb33_at_dial.pipex.com: "Re: [Full-Disclosure] no more public exploits"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: [Full-disclosure] Fwd: Lets outlaw masssecurityconferencespamming its f****** gay ... micro-manage security mailing lists is something they should not do. ... Full-Disclosure is ment to be about free source, not making money. ... On the issue of how much a vulnerability is worth, ... (Full-Disclosure) Re: [Full-disclosure] Google Groups e-mail disclosure in plain text ... advisories, they're maybe the best posters here. ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ... (Full-Disclosure) Re: [Full-disclosure] Exploit code repository ... > and advisories in their archives -- although that site is not connected ... > Full-Disclosure - We believe in it. ... > Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... (Full-Disclosure) Re: [Full-disclosure] UPDATED: RealNetworks RealPlayer ierpplug.dll ActiveX Control Multiple Sta ... Subject: [Full-disclosure] UPDATED: RealNetworks RealPlayer ... ierpplug.dll ActiveX Control Multiple Stack Overflows ... Click for your daily horoscope, learn about money, love & family. ... (Full-Disclosure) Re: [Full-disclosure] EUSecWest CFP Closes April 14th (conf May21/22 2008) ... I did a filter for n3td3v in the subject line to filter out that 63 email conversation. ... [Full-disclosure] EUSecWest CFP Closes April 14th (conf May ... is getting beyond a joke now all this unlawful commercial spam. ... These people are making big money and they shouldn't be allowed free ... (Full-Disclosure)