Full Disclosure mailing list archives
Re: forgotten credit
From: Bugtraq Security Systems <research () bugtraq org>
Date: Fri, 30 Apr 2004 06:07:32 -0400 (EDT)
Dear Johnny, All of us at Bugtraq Security mourn your loss as a soldier for full disclosure. Your advances in cut and paste exploit development will be missed. Love, Team Bugtraq Security On Fri, 30 Apr 2004, johnny cyberpunk wrote:
hi all, first i have to apologize that i've forgotten to also credit juliano from corest in my exploit. i've now heard that he, next to halvar, was also involved while reversing the SSL/PCT bug. sorry, credits should always go to the people that had the most work with it. in addition i wanna thank everyone who send a private mail, regarding my decision not to release any further exploits, but i think it's better not to publish exploitcode any further. i thought long enough about it, and came to the conclusion, that admins or pentesters have enough possibilties to test their environments if the servers are vulnerable or not. there are enough good tools out there to test if the vulnerabilities exist or not. eg. core impact is a really good choice for every company who takes security serious and wants to check their servers for existing bugs. lots of very good and stable information gathering tools and fresh exploits are offered in this software. further developing stable exploits is a very time consuming thing and most pentesters are not payed for writing exploits, for possible vulns they find when auditing a company, coz in most cases it would exceed the time a pentester has for the audits. hence software like impact is also very useful for pentesting companies. the good thing is, that it's much harder for script kiddies to get in touch with powerful exploits like this one, but admins and pentesters are still able to test for vulnerabilities. sure, there will be others who release exploits.that's for sure, but then it's not me who has contributed code that could result to mass owning or virus spreading. i'll still working on releasing some papers or handy tools in future, but no more exploits will go to the public. please, accept my decision. with regards, johnny cyberpunk/thc _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- forgotten credit johnny cyberpunk (Apr 29)
- Re: forgotten credit Bugtraq Security Systems (Apr 30)