Full Disclosure mailing list archives

Re: Fwd: fuck symantec & boycott bugtraq

From: Blue Boar <BlueBoar () thievco com>
Date: Fri, 10 Jan 2003 08:00:44 -0800

Brian McWilliams wrote:

Like folks said earlier, the "Exploit" tab is missing, but that doesn'tmean the exploit is gone. You just have to dig, starting with the stuffin the "Credit" tab, to find the SF mailing list message that spawnedthe BID in the first place.
E.g., the BID 1780 exploit is in the original Bugtraq message from NSFOCUS

http://online.securityfocus.com/archive/1/139490/2003-01-07/2003-01-13/2


Go to this page:
http://216.239.33.100/search?q=cache:9Fbx2EFZanAC:online.securityfocus.com/bid/1780/exploit/
Scroll to the bottom, notice there are two other exploits:
http://online.securityfocus.com/data/vulnerabilities/exploits/sharehack2.zip
http://online.securityfocus.com/data/vulnerabilities/exploits/netbios.tar.gz

Take "sharehack2", for example. Google shows exactly one other site on theWeb that has a copy, and only because it shows up in their download stats.It doesn't seem to be on PacketStorm, at least not by that name.


The other exploit seems to be slightly more widely available, but not much.

I don't really think that whether you can find it elsewhere or not is thepoint. I believe the point is that you've got 2 additional exploits thatwere created outside of the main discussion of the issue on Bugtraq, andI'm guessing that at least one of them was submitted by the author directlyto SF to that it would be placed on the exploit section for that vuln. Ifsomeone were looking at BID 1780 on the site now, how would they even knowto go looking for those missing exploits?

No conspiracy here ... just laziness by SF/Symantec. It's inconvenient,but there's always Packetstorm if you're in a hurry.

I'm not sure how this qualifies as "laziness". They went out of their wayto intentionally remove a feature from the public database. It's not likethey've decided it's too much work to keep maintaining or something,they've got paying customers for the commercial version. I can onlyimagine that this was a policy decision because Symantec didn't want to beseen as hosting the exploits they are trying to protect their customersagainst. Same reason they don't make malicious code samples available tothe public.


                                                BB

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Fwd: fuck symantec & boycott bugtraq ohnonono (Jan 09)
- Re: Fwd: fuck symantec & boycott bugtraq Blue Boar (Jan 09)
- <Possible follow-ups>
- Re: Fwd: fuck symantec & boycott bugtraq ohnonono (Jan 09)
  - Re: Fwd: fuck symantec & boycott bugtraq Blue Boar (Jan 09)
    - Re: Fwd: fuck symantec & boycott bugtraq Faulty (Jan 10)
    - Re: Fwd: fuck symantec & boycott bugtraq Brian McWilliams (Jan 10)
    - Re: Fwd: fuck symantec & boycott bugtraq Blue Boar (Jan 10)
    - Re: Fwd: fuck symantec & boycott bugtraq Ken Dyke (Jan 11)
    - Re: Fwd: fuck symantec & boycott bugtraq Nick Jacobsen (Jan 11)
    - Re: Fwd: fuck symantec & boycott bugtraq Roland Postle (Jan 11)
    - SF archive Nicob (Jan 11)
    - Re: Fwd: fuck symantec & boycott bugtraq Blue Boar (Jan 10)
    - Re: Fwd: fuck symantec & boycott bugtraq Dave Aitel (Jan 10)
  - Re: Fwd: fuck symantec & boycott bugtraq Axel (Jan 09)
  - Re: Fwd: fuck symantec & boycott bugtraq David M. Wilson (Jan 09)
    - Message not available
    - Re: Fwd: fuck symantec & boycott bugtraq David M. Wilson (Jan 10)
    - Re: Fwd: fuck symantec & boycott bugtraq Ka (Jan 10)

(Thread continues...)