openssl exploit code

[arjen.de.landgraaf () cologic co nz (Arjen De Landgraaf)]

Erik,

Thank you for your feedback. It is appreciated.

The free database  initiative was taken to contribute to
the 5 or so million IT workers in the world who can't afford the time
to spend 4 hours per day on email lists, trying to flush out
the 1 or 2% that is relevant to them, because their
bosses have more "urgent" things to do for them.

The update is a purely logistical issue.
We felt that one week was sufficient - we may reconsider  this.
We felt is was relevant for 20 mailing lists because the database
covers every subject.

Arjen







Subject: RE: [Full-disclosure] openssl exploit code

You guys spam a lot too. How did you figure this was relevant for 20 mailing
lists?

Your free database is crap, you hold posts until the "weekly" update, and
try
and profit off of peoples free work, but sending out "alerts". (They could
just subscribe to vulnwatch and bugtraq, and save them self $3000+ a year).

You don't give full access to your database dumps, and I don't see any legal
licensing information.

You and packetstorm both have a nice reputation of being pro-spam now. (PSS
incident was a couple of years ago as Im sure most recall).

Marketing a 'free' database would be a good idea, if it were free.

Get an original idea, and try to profit off of that.

---
Erik Parker
---



> Arjen De Landgraaf (arjen.de.landgraaf () cologic co nz) composed today:

> Well, let's see what happens with this post :)
>
> We have taken the initiative to place a completely free,
> very extensive and complete ICT security vulnerability
> database on the web, for the IT security world to
> use as a possible resource.
>
> www.e-secure-db
>
> E-Secure-DB is the result of a full-time team 24 x 7
> over the last  two years.   Each of the items entered
> in the DB over that time has  been checked by at
> least one person.  No automated posting,
> although we do have most of the  harvesting automated.
>
> No news items like "Man Hacked to Death in Papua
> New Guinea" here, only relevant IT security stuff (well, we think).
>
> Over 60,000 items, with between 50-100 added daily.
> The database is organised in a tree structure, with
> around 2500 folders on almost any subject, including
> product vulns, viruses, news, information etc. No empty folders:)
>
> Updates - last batch update 16 Sept 03.00 New Zealand
> time (GMT +12).
>
> For instance: Info on Slapper / SSL worm in the
> SSL/OpenSSL folder:
>
> http://www.e-secure-db.us/dscgi/ds.py/View/Collection-348
>
> If anyone on this list finds any dead links, or anything
> else we can improve or change in  www.e-secure-db.us
> to make it work better for you, let us know.
>
> mail to: quality () e-secure-it co nz
>
> Feedback really appreciated.
>
> Arjen
> CSL
> Auckland
> New Zealand
>
>
>
>
>
>
>
>
>
> -----Original Message-----
> From: core () bokeoa com [mailto:core () bokeoa com]
> Sent: Tuesday, 17 September 2002 10:55 a.m.
> To: Dave Ahmad; full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] openssl exploit code
>
>
> Solar, Dave, hellNbak, all,
>
> On Mon, Sep 16, 2002 at 04:08:54PM -0500, Solar Eclipse wrote:
> > On Mon, Sep 16, 2002 at 02:16:05PM -0600, Dave Ahmad wrote:
> > > An exploit code that lists you as the author has been posted to
Bugtraq.
> > > I would like to request your permission before approving it for
> > > distribution on the list.
>
> That's interesting as a bugtraq moderator approved a post of
> an exploit of mine without asking for consent. Namely
> RaQFuCK.sh. What's worse? I attempted to reply to the person who
> posted my exploit and discuss that I had only sent the exploit to
> full-disclosure but this little piece of information was conveniently
> withheld from bugtraq subscribers. Comments?
>
> peace,
> core
>
> --
>   Charles Stevenson (core) <core () bokeoa com>
>   Lab Assistant, College of Eastern Utah San Juan Campus
>   http://www.bokeoa.com/~core/core.asc

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html