Full Disclosure mailing list archives
openssl exploit code
From: solareclipse () phreedom org (Solar Eclipse)
Date: Mon, 16 Sep 2002 19:48:55 -0500
On Mon, Sep 16, 2002 at 05:28:47PM -0400, hellNbak wrote:
> While I have nothing to do with Bugtraq I do moderate another full disclosure list out there - VulnWatch. The nature of moderated lists in general means that the moderator, in this case Dave Ahmad, must first read then approve the message and hopefully do so in a timely manner. I don't know the actual content of the message sent to Bugtraq but from the sounds of it it contained code written by you but was not sent by you. As a moderator I too would have first checked with the author of the code to ensure that I wasn't assisting someone in leaking someone else's code. How does this have anything to do with full disclosure? Would you not want someone to notify you if someone got a hold of your zero day and was distributing it?

Whose interests is a full disclosure mailing list supposed to serve? Those of blackhats who prefer to keep all 0dayz private, or those of system administrators and security professionals who need information about the latest exploits?

What's next? Checking if the vendor has been properly notified and approves of posting the exploit code? Notifying the vendor 6 hours before approving the post? Rejecting certain posts altogether?

The fact is that Dave Ahmad is in possession of an exploit for OpenSSL and is currently withholding it from the security community. Maybe his corporate masters fear litigation. Or it could be that he is concerned about my feelings. Even TESO didn't get that kind of treatment, this makes me feel so special.

Doesn't this make anybody else uncomfortable? Are you going to subscribe to a full disclosure mailing list whose moderator puts Intellectual Property or Corporate Interests before the security of your system? After a few more corporate mergers and takeovers, are you going to send your 0dayz to bugtraq () microsoft com ? And wait 45 days for moderator approval?

Solar Eclipse