Full Disclosure mailing list archives
openssl exploit code
From: arjen.de.landgraaf () cologic co nz (Arjen De Landgraaf)
Date: Wed, 18 Sep 2002 10:05:40 +1200
Erik, Thank you for your feedback. It is appreciated. The free database initiative was taken to contribute to the 5 or so million IT workers in the world who can't afford the time to spend 4 hours per day on email lists, trying to flush out the 1 or 2% that is relevant to them, because their bosses have more "urgent" things to do for them. The update is a purely logistical issue. We felt that one week was sufficient - we may reconsider this. We felt is was relevant for 20 mailing lists because the database covers every subject. Arjen Subject: RE: [Full-disclosure] openssl exploit code You guys spam a lot too. How did you figure this was relevant for 20 mailing lists? Your free database is crap, you hold posts until the "weekly" update, and try and profit off of peoples free work, but sending out "alerts". (They could just subscribe to vulnwatch and bugtraq, and save them self $3000+ a year). You don't give full access to your database dumps, and I don't see any legal licensing information. You and packetstorm both have a nice reputation of being pro-spam now. (PSS incident was a couple of years ago as Im sure most recall). Marketing a 'free' database would be a good idea, if it were free. Get an original idea, and try to profit off of that. --- Erik Parker ---
Arjen De Landgraaf (arjen.de.landgraaf () cologic co nz) composed today:
Well, let's see what happens with this post :) We have taken the initiative to place a completely free, very extensive and complete ICT security vulnerability database on the web, for the IT security world to use as a possible resource. www.e-secure-db E-Secure-DB is the result of a full-time team 24 x 7 over the last two years. Each of the items entered in the DB over that time has been checked by at least one person. No automated posting, although we do have most of the harvesting automated. No news items like "Man Hacked to Death in Papua New Guinea" here, only relevant IT security stuff (well, we think). Over 60,000 items, with between 50-100 added daily. The database is organised in a tree structure, with around 2500 folders on almost any subject, including product vulns, viruses, news, information etc. No empty folders:) Updates - last batch update 16 Sept 03.00 New Zealand time (GMT +12). For instance: Info on Slapper / SSL worm in the SSL/OpenSSL folder: http://www.e-secure-db.us/dscgi/ds.py/View/Collection-348 If anyone on this list finds any dead links, or anything else we can improve or change in www.e-secure-db.us to make it work better for you, let us know. mail to: quality () e-secure-it co nz Feedback really appreciated. Arjen CSL Auckland New Zealand -----Original Message----- From: core () bokeoa com [mailto:core () bokeoa com] Sent: Tuesday, 17 September 2002 10:55 a.m. To: Dave Ahmad; full-disclosure () lists netsys com Subject: Re: [Full-disclosure] openssl exploit code Solar, Dave, hellNbak, all, On Mon, Sep 16, 2002 at 04:08:54PM -0500, Solar Eclipse wrote:On Mon, Sep 16, 2002 at 02:16:05PM -0600, Dave Ahmad wrote:An exploit code that lists you as the author has been posted to
Bugtraq.
I would like to request your permission before approving it for distribution on the list.That's interesting as a bugtraq moderator approved a post of an exploit of mine without asking for consent. Namely RaQFuCK.sh. What's worse? I attempted to reply to the person who posted my exploit and discuss that I had only sent the exploit to full-disclosure but this little piece of information was conveniently withheld from bugtraq subscribers. Comments? peace, core -- Charles Stevenson (core) <core () bokeoa com> Lab Assistant, College of Eastern Utah San Juan Campus http://www.bokeoa.com/~core/core.asc
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- openssl exploit code, (continued)
- openssl exploit code Florian Weimer (Sep 17)
- openssl exploit code Isaak Bloodlore (Sep 17)
- openssl exploit code Ken Pfeil (Sep 17)
- openssl exploit code Jonathan Rickman (Sep 17)
- openssl exploit code hellNbak (Sep 17)
- openssl exploit code Georgi Guninski (Sep 17)
- openssl exploit code Isaak Bloodlore (Sep 17)
- openssl exploit code hellNbak (Sep 16)