Full Disclosure mailing list archives
openssl exploit code
From: hellnbak () nmrc org (hellNbak)
Date: Mon, 16 Sep 2002 17:28:47 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Solar, While I have nothing to do with Bugtraq I do moderate another full disclosure list out there - VulnWatch. The nature of a moderated lists in general means that the moderator, in this case Dave Ahmad, must first read then approve the message and hopefully do so in a timely manner. I don't know the actual content of the message sent to Bugtraq but from the sounds of it it contained code written by you but was not sent by you. As a moderator I too would have first checked with the author of the code to ensure that I wasn't assisting someone in leaking someone elses code. How does this have anything to do with full disclosure? Would you not want someone to notify you if someone got a hold of your zero day and was distributing it? It seems that a lot of people are confused about what full disclosure really is. Checking if the credited author of code meant to post it to a list is common sense and not anything to do with full disclosure. Moderated full disclosure, in most cases, does not mean censorship at least on any list that I have a hand in. Just my $.02.......... On Mon, 16 Sep 2002, Solar Eclipse wrote:
Date: Mon, 16 Sep 2002 16:08:54 -0500 From: Solar Eclipse <solareclipse () phreedom org> To: Dave Ahmad <da () securityfocus com> Cc: full-disclosure () lists netsys com Subject: [Full-disclosure] openssl exploit code On Mon, Sep 16, 2002 at 02:16:05PM -0600, Dave Ahmad wrote:An exploit code that lists you as the author has been posted to Bugtraq. I would like to request your permission before approving it for distribution on the list.And you call Bugtraq a full disclosure list? Weak. Since you asked, my answer is no. You do not have my permission to post my source code to Bugtraq or anywhere on SecurityFocus, Symantec or any affiliated site. This also covers the source of the apache-ssl worm, which includes substantial stolen parts of my exploit code, unless those parts are properly removed. Solar Eclipse
- -- - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- "I don't intend to offend, I offend with my intent" hellNbak () nmrc org http://www.nmrc.org/~hellnbak - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9hk0SueD73xSa+/ARAkhOAJ4gBJIMgCMybqNXQvyT7P2f58+C4gCeJ/8U vnlFZc5gdLICxJNZ/RqurFU= =+9Rj -----END PGP SIGNATURE-----
Current thread:
- openssl exploit code Solar Eclipse (Sep 16)
- openssl exploit code hellNbak (Sep 16)
- openssl exploit code Solar Eclipse (Sep 16)
- openssl exploit code hellNbak (Sep 16)
- openssl exploit code Solar Eclipse (Sep 16)
- openssl exploit code Blue Boar (Sep 16)
- openssl exploit code Florian Weimer (Sep 17)
- openssl exploit code hellNbak (Sep 17)
- openssl exploit code Florian Weimer (Sep 17)
- openssl exploit code Isaak Bloodlore (Sep 17)
- openssl exploit code Ken Pfeil (Sep 17)
- openssl exploit code Solar Eclipse (Sep 16)
- openssl exploit code Jonathan Rickman (Sep 17)
- openssl exploit code hellNbak (Sep 16)