Full Disclosure mailing list archives
Re: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release
From: "Rick Updegrove \(security\)" <security () updegrove net>
Date: Wed, 29 Jan 2003 15:34:15 -0800
----- Original Message ----- From: "Richard M. Smith" <rms () computerbytesman com> To: <full-disclosure () lists netsys com> Sent: Wednesday, January 29, 2003 1:24 PM Subject: RE: [Full-disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release
One problem with anyone making private exploits is that>>> they always seem to get leaked, no matter who it is. I've written at least a dozen proof-of-concept examples for security holes. I've given these examples to vendors and shared them with friends and other security researchers. I'm not aware of any of them being made public. In addition, I serious doubt that any of the examples are of much use to anyone except to the vendor who messed up in the first place.
Says you. The problem with that statement of course is that you have no way to prove it. So, why even make such a claim? My opinion: Making an exclusive club for who gets exploit code is very much like writing the bible in Latin when only priests read and write Latin. Sooner or later the people will figure out that the priests are just a bunch of lazy cowards who don't want to get a real job. In the end you will not stop exploit code from getting into the wrong hands period. Face it, there is nothing you can do to prevent this from happening. P.S. Why do you even subscribe to the full-disclosure list when you are obviously against full-disclosure? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: RE : [Secure Network Operations, Inc.] Full Disclosure != Exploit Release, (continued)
- Re: RE : [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Blue Boar (Jan 29)
- Re: RE : [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Strategic Reconnaissance Team (Jan 29)
- Re: RE : [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Blue Boar (Jan 29)
- RE: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Richard M. Smith (Jan 29)
- RE: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Day Jay (Jan 29)
- RE: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Richard M. Smith (Jan 29)
- [Secure Network Operations, Inc.] Full Disclosure Conclusion? ATD (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure Conclusion? yossarian (Jan 29)
- RE: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release hellNbak (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Blue Boar (Jan 29)
- Re: [Secure Network Operations, Inc.] Full Disclosure != Exploit Release Rick Updegrove (security) (Jan 29)
- RE: RE : [Secure Network Operations, Inc.] FullDisclosure != Exploit Release Geo (Jan 29)
- RE: RE : [Secure Network Operations, Inc.] FullDisclosure != Exploit Release Strategic Reconnaissance Team (Jan 29)
- Re: Full Disclosure != Exploit Release Paul Schmehl (Jan 29)
- Re: Re: Full Disclosure != Exploit Release hellNbak (Jan 29)
- RE: Re: Full Disclosure != Exploit Release Richard M. Smith (Jan 29)
- Re: Re: Full Disclosure != Exploit Release Georgi Guninski (Jan 29)
- Re: Re: Full Disclosure != Exploit Release KF (Jan 29)
- Re: Re: Full Disclosure != Exploit Release Blue Boar (Jan 29)