Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Publishing exploit code - what is it good for

From: John Madden <maddenj () skynet ie>
Date: Thu, 30 Jun 2005 19:25:17 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On (30/06/05 15:13), Aviram Jenik didst pronounce:

What I need is a security administrator, CSO, IT manager or sys admin 
that can explain why they find public exploits are good for THEIR 
organizations. Maybe we can start changing public opinion with regards 
to full disclosure, and hopefully start with this opinion leader.


I sysadmin a small number of machines, mainly Debian based. When an
exploit comes out, it's usually released as "version X is vulnerable". 
Debian's version numbers don't always directly match releases of the 
vulnerable software, so having exploit code available helps to verify 
whether or not the software is vulnerable, without having to wait for 
Debians advisory, which are usually released later than the vulnerability 
release. It's also very useful to decide whether you need to use a 
workaround (which may cause disruption or change to the service) or not.

- -- 
Chat ya later,

John.
- --
BOFH excuse #1: clock speed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCxDkNQBw+ZtKOvTIRAt3oAJ9iaBMYQbS5P0j1K8Sv90L+j1cnggCbBSZ5
BHK6XUdm1pIwbJkblRVJ2sk=
=kHrg
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: