Re: [Full-Disclosure] forgotten credit

• Previous message: Feher Tamas: "[Full-Disclosure] viruses being sent to list"
• In reply to: johnny cyberpunk: "[Full-Disclosure] forgotten credit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: johnny cyberpunk <johncybpk@gmx.net>
Date: Fri, 30 Apr 2004 06:07:32 -0400 (EDT)

Dear Johnny,

All of us at Bugtraq Security mourn your loss as a soldier for full
disclosure. Your advances in cut and paste exploit development will
be missed.

Love,
Team Bugtraq Security

On Fri, 30 Apr 2004, johnny cyberpunk wrote:

> hi all,
>
> first i have to apologize that i've forgotten to also credit juliano from
> corest in my exploit.
> i've now heard that he, next to halvar, was also involved while reversing
> the SSL/PCT bug.
> sorry, credits should always go to the people that had the most work with
> it.
>
> in addition i wanna thank everyone who send a private mail, regarding my
> decision not to release any further exploits,
> but i think it's better not to publish exploitcode any further. i thought
> long enough about it,
> and came to the conclusion, that admins or pentesters have enough
> possibilties to test their
> environments if the servers are vulnerable or not.
>
> there are enough good tools out there to test if the vulnerabilities exist
> or not.
>
> eg. core impact is a really good choice for every company who takes security
> serious and wants
> to check their servers for existing bugs. lots of very good and stable
> information gathering tools and fresh exploits
> are offered in this software.
>
> further developing stable exploits is a very time consuming thing and most
> pentesters are not payed for writing
> exploits, for possible vulns they find when auditing a company, coz in most
> cases it would exceed the time a pentester has for the audits.
>
> hence software like impact is also very useful for pentesting companies.
>
> the good thing is, that it's much harder for script kiddies to get in touch
> with powerful exploits like this one,
> but admins and pentesters are still able to test for vulnerabilities.
>
> sure, there will be others who release exploits.that's for sure, but then
> it's not me who has contributed code that
> could result to mass owning or virus spreading.
>
> i'll still working on releasing some papers or handy tools in future, but no
> more exploits will go to the public.
>
> please, accept my decision.
>
> with regards,
> johnny cyberpunk/thc
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Feher Tamas: "[Full-Disclosure] viruses being sent to list"
• In reply to: johnny cyberpunk: "[Full-Disclosure] forgotten credit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]