Full Disclosure mailing list archives
forgotten credit
From: "johnny cyberpunk" <johncybpk () gmx net>
Date: Fri, 30 Apr 2004 00:30:29 +0200
hi all, first i have to apologize that i've forgotten to also credit juliano from corest in my exploit. i've now heard that he, next to halvar, was also involved while reversing the SSL/PCT bug. sorry, credits should always go to the people that had the most work with it. in addition i wanna thank everyone who send a private mail, regarding my decision not to release any further exploits, but i think it's better not to publish exploitcode any further. i thought long enough about it, and came to the conclusion, that admins or pentesters have enough possibilties to test their environments if the servers are vulnerable or not. there are enough good tools out there to test if the vulnerabilities exist or not. eg. core impact is a really good choice for every company who takes security serious and wants to check their servers for existing bugs. lots of very good and stable information gathering tools and fresh exploits are offered in this software. further developing stable exploits is a very time consuming thing and most pentesters are not payed for writing exploits, for possible vulns they find when auditing a company, coz in most cases it would exceed the time a pentester has for the audits. hence software like impact is also very useful for pentesting companies. the good thing is, that it's much harder for script kiddies to get in touch with powerful exploits like this one, but admins and pentesters are still able to test for vulnerabilities. sure, there will be others who release exploits.that's for sure, but then it's not me who has contributed code that could result to mass owning or virus spreading. i'll still working on releasing some papers or handy tools in future, but no more exploits will go to the public. please, accept my decision. with regards, johnny cyberpunk/thc _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- forgotten credit johnny cyberpunk (Apr 29)
- Re: forgotten credit Bugtraq Security Systems (Apr 30)