Full Disclosure mailing list archives
Symantec Buys SecurityFocus, among others.
From: full-disclosure () lists netsys com (Steve)
Date: Thu, 18 Jul 2002 18:45:21 -0600
Release exploits with the vaguest of descriptions as to how they work (lost for examples -- just copy'n'paste the "technical bits" of some of the security bulletins from MS...). Have the _only_ PoC code a compiled binary loaded with copyright notices forbidding reversing, etc. Be sure to use some "encryption" (extremely trivial is OK as complexity doesn't matter; can you say XOR?) in the PoC to "protect" the important secret (generally the overflow "string" itself). Be capricious in who you prosecute under the DMCA for incorporating vulnerability detection of this flaw into their products. (Many other "pro-reversing" laws allow reversing if doing so is the only (practical) way to ensure compatibility or system inter-operation -- this should not be a defense against reversing a security vulnerability exploit...)
But how could you stop one from simply setting up a sniffer to "see" what the exploit does on the network or monitor the local system to see what is done? I am all for people releasing exploit code, I see no reason not to, but trying to protect it is a waste of time as there are a million ways, legal ways, around it.