Full Disclosure mailing list archives
Re: Sapphire worm POC that fulldisclosure policies hurt everyone
From: KF <dotslash () snosoft com>
Date: Sun, 26 Jan 2003 12:58:13 -0500
>If the ms-sql bug had never been disclosed, and was slipped quietly to
>Microsoft, this never would have happened, and the same responsible
>administrators would have upgraded their software.
*cough* bulls$#t *cough*...even if this bug was not disclosed to the public there is the same possibility that a worm would be released by some random blackhat community that found the bug and whored it amongst themselves for a while.
Blackhats can find and write exploits for worms just as quickly as whitehats can find them and disclose them to the public. The bottom line is some developer made an error that caused a security hole. ANYONE could find and exploit that hole and write a worm for it or admin 1000's of boxes by hand with their uber ./ skills... the disclosure is not the issue.
The damage would be no more or no less than what was already caused had someone released a worm for a bug that Microsoft silently fixed. For that matter was Code Red not just a modification for a similar hole with a similar worm that ms just silently patched a year prior?
-KF
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html