RE: Scanners and unpublished vulnerabilities - Full Disclosure

From: Deus, Attonbitus (Thor@HammerofGod.com)
Date: 05/29/02


Date: Tue, 28 May 2002 23:17:57 -0700
To: Ryan Russell <ryan@securityfocus.com>
From: "Deus, Attonbitus" <Thor@HammerofGod.com>


At 10:28 PM 5/28/2002, Ryan Russell wrote:
>On Tue, 28 May 2002, Deus, Attonbitus wrote:
> > Let's put this in perspective. You supplied exploit code for the idq
> > vulnerability. All manner of folk blamed you (incorrectly) for Code Red
>
>Minor nit: eEye did not release any exploit code for the ida/idq to the
>public. They said they were going to in the initial release of their
>advisory, and later changed their minds. In fact, if you're paying close
>attention, that vulnerability is when they quit releasing exploits with
>their advisories.

Sorry to all- I should have said "example" code, not "exploit" code... Big
difference there, and I am glad you corrected that. My main point was the
inclusion of a road map that led to the ida extension, in response to like
references being considered irresponsible. But, Marc has since pulled back,
so not much point in my belaboring it. Similar example code has been
released with most (if not all) of the other advisories.

>Just wanted to clarify. I keep seeing this repeated, and it's turning
>into one of those infosec urban legends, like Kevin hacking NORAD or being
>on the FBI most wanted list.

Yeah, but Kevin *can* discern DTMF tones with his naked ear! That's good
enough for me ;)

Tim
