Full Disclosure mailing list archives
Re: no more public exploits
From: "Exibar" <exibar () thelair com>
Date: Tue, 27 Apr 2004 15:27:09 -0400
I agree, but the timing of the patch for an exploited vulnerability or a non-exploited vulnerability can make a difference. If there's an exploit out in the wild for a vulnerability, you might want to drop everything and patch everything you have. But, if there isn't an exploit, you might be able to get away with adding that patch to your weekly or whatever patching schedule. Exibar (I AM NOT AN ANIMAL!) hehehe ----- Original Message ----- From: "Baum, Stefan" <stefan.baum () eds com> To: <full-disclosure () lists netsys com> Sent: Tuesday, April 27, 2004 2:06 PM Subject: AW: [Full-disclosure] no more public exploits IMHO, no sysadmin taking his work seriously, will wait patching the systems until an exploit is available throughout the internet. Stefan (I AM A SYSADMIN)
-----Ursprüngliche Nachricht----- Von: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] Im Auftrag von Yabby Gesendet: Dienstag, 27. April 2004 19:06 An: johnny cyberpunk; full-disclosure () lists netsys com Betreff: Re: [Full-Disclosure] no more public exploits Even though I think that the publication of your code might have been a couple of weeks too soon: too bad you chose to abandon full disclosure. A lot of people do not have the skills to transform theoretical vulnerabilities into practical exploits. With the lack of proof that the vulnerability can really be exploited, a lot of sysadmins will decide not to patch, leaving the holes in tact for the real blackhats, that have possession of the malicious code anyway.... maartenthis is an anouncement that i personally have no more intention to publish any_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- AW: no more public exploits Baum, Stefan (Apr 27)
- Re: no more public exploits Exibar (Apr 27)
- Re: AW: no more public exploits Byron Copeland (Apr 27)
- Re: AW: no more public exploits Valdis . Kletnieks (Apr 27)
- Re: AW: no more public exploits Cael Abal (Apr 27)
- <Possible follow-ups>
- Re: AW: no more public exploits tcleary2 (Apr 28)
- Re: AW: no more public exploits Bernard J. Duffy (Apr 28)
- RE: AW: no more public exploits Soderland, Craig (Apr 28)
- RE: AW: no more public exploits Ng, Kenneth (US) (Apr 28)
- RE: AW: no more public exploits Blake Wiedman (Apr 28)