[Full-disclosure] Re: Publishing exploit code - what is it good for

From: John Madden (maddenj_at_skynet.ie)
Date: 06/30/05

  • Next message: Skip Carter: "[Full-disclosure] Re: Publishing exploit code - what is it good for" 
    Date: Thu, 30 Jun 2005 19:25:17 +0100
To: Aviram Jenik <aviram@beyondsecurity.com>

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On (30/06/05 15:13), Aviram Jenik didst pronounce:
    > What I need is a security administrator, CSO, IT manager or sys admin
    > that can explain why they find public exploits are good for THEIR
    > organizations. Maybe we can start changing public opinion with regards
    > to full disclosure, and hopefully start with this opinion leader.
    >
    I sysadmin a small number of machines, mainly Debian based. When an
    exploit comes out, it's usually released as "version X is vulnerable".
    Debian's version numbers don't always directly match releases of the
    vulnerable software, so having exploit code available helps to verify
    whether or not the software is vulnerable, without having to wait for
    Debians advisory, which are usually released later than the vulnerability
    release. It's also very useful to decide whether you need to use a
    workaround (which may cause disruption or change to the service) or not.

    - --
    Chat ya later,

    John.
    - --
    BOFH excuse #1: clock speed
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.1 (GNU/Linux)

    iD8DBQFCxDkNQBw+ZtKOvTIRAt3oAJ9iaBMYQbS5P0j1K8Sv90L+j1cnggCbBSZ5
    BHK6XUdm1pIwbJkblRVJ2sk=
    =kHrg
    -----END PGP SIGNATURE-----
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

  • Next message: Skip Carter: "[Full-disclosure] Re: Publishing exploit code - what is it good for"