Penetration Testing mailing list archives
RE: Scanners and unpublished vulnerabilities - Full Disclosure
From: "Deus, Attonbitus" <Thor () HammerofGod com>
Date: Tue, 28 May 2002 23:17:57 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 10:28 PM 5/28/2002, Ryan Russell wrote:
On Tue, 28 May 2002, Deus, Attonbitus wrote:Let's put this in perspective. You supplied exploit code for the idq vulnerability. All manner of folk blamed you (incorrectly) for Code RedMinor nit: eEye did not release any exploit code for the ida/idq to the public. They said they were going to in the initial release of their advisory, and later changed their minds. In fact, if you're paying close attention, that vulnerability is when they quit releasing exploits with their advisories.
Sorry to all- I should have said "example" code, not "exploit" code... Big difference there, and I am glad you corrected that. My main point was the inclusion of a road map that lead to the ida extension, in response to like references being considered irresponsible. But, Marc has since pulled back, so not much point in my belaboring it. Similar example code has been released with most (if not all) of the other advisories.
Just wanted to clarify. I keep seeing this repeated, and it's turning into one of those infosec urban legends, like Kevin hacking NORAD or being on the FBI most wanted list.
Yeah, but Kevin *can* discern DTFM tones with his naked ear! That's good enough for me ;) Tim -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPPRylYhsmyD15h5gEQI0LwCg1wwf6w0UqbQfsNgiBo1JciWPTi4AoPYN XrmYYwQGkcPqmnPLqj/hYY6z =6Ei8 -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: Scanners and unpublished vulnerabilities - Full Disclosure, (continued)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure Ryan Russell (May 28)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure Alfred Huger (May 28)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure Raju Mathur (May 28)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure R. DuFresne (May 29)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure Alfred Huger (May 28)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure Ryan Russell (May 28)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure Pierre Vandevenne (May 28)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure Drew (May 28)
- RE: Scanners and unpublished vulnerabilities - Full Disclosure Marc Maiffret (May 28)
- RE: Scanners and unpublished vulnerabilities - Full Disclosure Deus, Attonbitus (May 28)
- RE: Scanners and unpublished vulnerabilities - Full Disclosure Marc Maiffret (May 28)
- RE: Scanners and unpublished vulnerabilities - Full Disclosure Ryan Russell (May 29)
- Message not available
- RE: Scanners and unpublished vulnerabilities - Full Disclosure Deus, Attonbitus (May 29)
- RE: Scanners and unpublished vulnerabilities - Full Disclosure Marc Maiffret (May 28)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure Brad Mills (May 29)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure David Litchfield (May 29)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure batz (May 29)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure Jon Bull (May 30)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure David Litchfield (May 30)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure hellNbak (May 30)
- Re: Scanners and unpublished vulnerabilities - Full Disclosure J Jacoby (May 31)