Full Disclosure mailing list archives
Re: Publishing exploit code - what is it good for
From: Erick Mechler <emechler () techometer net>
Date: Thu, 30 Jun 2005 10:36:57 -0700
:: Blackhats may get along with only a handful of exploits, if they're :: willing to try to find targets to match their collection, but a :: pentester should have the collection to match the target. :: :: This is doubly true if we're not talking about a dedicated pentester, :: but about a sysadmin with a networking/security background who likes to :: verify that the patches did, indeed, work. To that I say let the people producing the patches deliver the exploit code as a POC that the patches did, indeed, work. Releasing exploit code before the patch is released helps nobody except the blackhats. :: Also, exploits will be distributed, publicly or otherwise - doing it in :: the open means we know what happens when. You should, as an admin, assume that once a vulnerability is released, the exploit has been too, whether you see it attached to the vuln announcement or not. Cheers - Erick _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Publishing exploit code - what is it good for Aviram Jenik (Jun 30)
- Re: Publishing exploit code - what is it good for bruen (Jun 30)
- Re: Publishing exploit code - what is it good for Joachim Schipper (Jun 30)
- Re: Publishing exploit code - what is it good for Erik Fichtner (Jun 30)
- Re: Publishing exploit code - what is it good for Erick Mechler (Jun 30)
- Re: Publishing exploit code - what is it good for devnull (Jun 30)
- Re: Publishing exploit code - what is it good for James Wicks (Jun 30)
- Re: Publishing exploit code - what is it good for Anders B Jansson (Jun 30)
- Re: Publishing exploit code - what is it good for bugtraq (Jun 30)
- Re: Publishing exploit code - what is it good for Ill will (Jun 30)
- Re: Publishing exploit code - what is it good for Gary E. Miller (Jun 30)
- Re: Publishing exploit code - what is it good for Steve Milner (Jun 30)
- Re: Publishing exploit code - what is it good for Matt . Carpenter (Jun 30)
- Re: Publishing exploit code - what is it good for Michael Holstein (Jun 30)
- Re: Publishing exploit code - what is it good for Jason Coombs (Jun 30)
(Thread continues...)