Re: [Full-Disclosure] forgotten credit

From: Bugtraq Security Systems (research_at_bugtraq.org)
Date: 04/30/04

    To: johnny cyberpunk <johncybpk@gmx.net>
    Date: Fri, 30 Apr 2004 06:07:32 -0400 (EDT)
    
    

    Dear Johnny,

    All of us at Bugtraq Security mourn your loss as a soldier for full
    disclosure. Your advances in cut and paste exploit development will
    be missed.

    Love,
    Team Bugtraq Security

    On Fri, 30 Apr 2004, johnny cyberpunk wrote:

    > hi all,
    >
    > first i have to apologize that i've forgotten to also credit juliano from
    > corest in my exploit.
    > i've now heard that he, next to halvar, was also involved while reversing
    > the SSL/PCT bug.
    > sorry, credits should always go to the people that had the most work with
    > it.
    >
    > in addition i wanna thank everyone who sent a private mail, regarding my
    > decision not to release any further exploits,
    > but i think it's better not to publish exploitcode any further. i thought
    > long enough about it,
    > and came to the conclusion, that admins or pentesters have enough
    > possibilities to test their
    > environments if the servers are vulnerable or not.
    >
    > there are enough good tools out there to test if the vulnerabilities exist
    > or not.
    >
    > eg. core impact is a really good choice for every company who takes security
    > seriously and wants
    > to check their servers for existing bugs. lots of very good and stable
    > information gathering tools and fresh exploits
    > are offered in this software.
    >
    > further developing stable exploits is a very time consuming thing and most
    > pentesters are not paid for writing
    > exploits, for possible vulns they find when auditing a company, coz in most
    > cases it would exceed the time a pentester has for the audits.
    >
    > hence software like impact is also very useful for pentesting companies.
    >
    > the good thing is, that it's much harder for script kiddies to get in touch
    > with powerful exploits like this one,
    > but admins and pentesters are still able to test for vulnerabilities.
    >
    > sure, there will be others who release exploits. that's for sure, but then
    > it's not me who has contributed code that
    > could result in mass owning or virus spreading.
    >
    > i'll still be working on releasing some papers or handy tools in future, but no
    > more exploits will go to the public.
    >
    > please, accept my decision.
    >
    > with regards,
    > johnny cyberpunk/thc
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
