Re: [Full-Disclosure] forgotten credit
From: Bugtraq Security Systems (research_at_bugtraq.org)
To: johnny cyberpunk <email@example.com> Date: Fri, 30 Apr 2004 06:07:32 -0400 (EDT)
All of us at Bugtraq Security mourn your loss as a soldier for full
disclosure. Your advances in cut and paste exploit development will
Team Bugtraq Security
On Fri, 30 Apr 2004, johnny cyberpunk wrote:
> hi all,
> first i have to apologize that i've forgotten to also credit juliano from
> corest in my exploit.
> i've now heard that he, next to halvar, was also involved while reversing
> the SSL/PCT bug.
> sorry, credits should always go to the people that had the most work with
> in addition i wanna thank everyone who send a private mail, regarding my
> decision not to release any further exploits,
> but i think it's better not to publish exploitcode any further. i thought
> long enough about it,
> and came to the conclusion, that admins or pentesters have enough
> possibilties to test their
> environments if the servers are vulnerable or not.
> there are enough good tools out there to test if the vulnerabilities exist
> or not.
> eg. core impact is a really good choice for every company who takes security
> serious and wants
> to check their servers for existing bugs. lots of very good and stable
> information gathering tools and fresh exploits
> are offered in this software.
> further developing stable exploits is a very time consuming thing and most
> pentesters are not payed for writing
> exploits, for possible vulns they find when auditing a company, coz in most
> cases it would exceed the time a pentester has for the audits.
> hence software like impact is also very useful for pentesting companies.
> the good thing is, that it's much harder for script kiddies to get in touch
> with powerful exploits like this one,
> but admins and pentesters are still able to test for vulnerabilities.
> sure, there will be others who release exploits.that's for sure, but then
> it's not me who has contributed code that
> could result to mass owning or virus spreading.
> i'll still working on releasing some papers or handy tools in future, but no
> more exploits will go to the public.
> please, accept my decision.
> with regards,
> johnny cyberpunk/thc
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Full-Disclosure - We believe in it.