Re: Fwd: fuck symantec & boycott bugtraq

[hellNbak <hellnbak () nmrc org>]

What does having the exploit code attached to the vulnerability
description do to prevent one from researching something?  Are the
advisories not enough to point you in the right direction?

I don't see why everyone is freaking out over SF removing exploit code --
who cares.  Get it elsewhere or make your own.  The advisories are still
there, the information is still there.

Maybe we will get lucky and this will put a few consultants out of
business -- wishful thinking....

On Sun, 12 Jan 2003, O.C.Rochford wrote:

> Date: Sun, 12 Jan 2003 13:46:12 +0000
> From: O.C.Rochford <orochford () inet-sec org>
> To: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] Fwd: fuck symantec & boycott bugtraq
>
> hello
>
> that is quite frankly a lot of bollocks.
>
> fact is that you can't research everything yourself, the amount of
> information is just too great, all this does is remove a place where
> peoples own research can be speeded up without having to reinvent the
> wheel, as well as sharing the findings of research.
>
> If you are saying you can audit the code of a whole OS yourself, than
> you must be a code god, and all of these people who bitch about
> "sciptkiddies" and the like just stealing other people's research
> should only say so if they have never made use of these sources
> themselves.
> You have to start somewhere to learn, and you have to be able to pool
> resources to share the load in auditing the amount of code and
> programs available today.
>
> regards
> O.C.Rochford
>
>
>
> Saturday, January 11, 2003, 10:00:08 PM, you wrote:
>
> r> -----BEGIN PGP SIGNED MESSAGE-----
>
> r> [Full-Disclosure] Fwd: fuck symantec & boycott bugtraq
>
> > > (snip) They went out of their way
> > > to intentionally remove a feature from the public database.  It's not
> > > like they've decided it's too much work to keep maintaining or
> > > something, they've got paying customers for the commercial version.
> > > I can only imagine that this was a policy decision because Symantec
> > > didn't want to be seen as hosting the exploits they are trying to
> > > protect their customers against.  Same reason they don't make
> > > malicious code samples available to the public.
>
> r> Corporate ass-covering and profiteering at its worst. No great shock
> r> there.
>
> r> Not that any of this matters, in the long run: the only people this is
> r> going to impact in the slightest are script kiddies (the standard
> r> variety, as well as hidebound ""professionals"" firmly attached to the
> r> corporate teat) too stupid or lazy to research the information
> r> themselves. The community will adapt, one way or another. Those left
> r> behind will have only themselves to blame.
>
>
> r> I say anything which speeds up the Darwinian course of events can only
> r> be a good thing. Let's hear it for natural selection.
>
> r> Ratel.
>
> r> ***
>
>
> r> "Americans used to roar like lions for liberty. Now we bleat
> r> like sheep for security." - Norman Vincent Peale.
>
>
> r> -----BEGIN PGP SIGNATURE-----
> r> Version: MailVault 2.2 from Laissez Faire City http://www.mailvault.com
>
> r> iQA/AwUAPiCT0uYNtyh3zif9EQJSRwCfSrfi9LtzXPMa9mHKxso+BtGVMF4AoJDe
> r> qq50xusT9pgg4K4OKm/ucoUK
> r> =A4oR
> r> -----END PGP SIGNATURE-----

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbak () nmrc org
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html