Full Disclosure mailing list archives
Re: Publishing exploit code - what is it good for
From: "KF (lists)" <kf_lists () digitalmunition com>
Date: Thu, 30 Jun 2005 16:10:46 -0400
Change control policy at one of my jobs put me in an identical situation. I flat out could not patch a machine unless I could produce a cmd.exe or /bin/sh prompt remotely.
Putting that stuff aside how about the vendors that like to try to hide things from you? Vendors love Jedi Mind tricks..."these aren't the droids you are looking for." If PoC is not produced you are never hip to the things that leave your OS vulnerable. For example... http://news.com.com/2100-1023-947325.html
-KF Kenneth Ng wrote:
I have had administrators refuse to patch systems until I could prove that I could break in using an exploit right in front of them. I've been told that they need to balance my theoritical risk against their actual outlay of resources (yet, for some reason, they bet the lottery). On 6/30/05, Jason Coombs <jasonc () science org> wrote:What I need is a security administrator, CSO, IT manager or sys admin that can explain why they find public exploits are good for THEIR organizations. Maybe we can start changing public opinion with regards to full disclosure, and hopefully start with this opinion leader._______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Publishing exploit code - what is it good for, (continued)
- Re: Publishing exploit code - what is it good for James Wicks (Jun 30)
- Re: Publishing exploit code - what is it good for Anders B Jansson (Jun 30)
- Re: Publishing exploit code - what is it good for bugtraq (Jun 30)
- Re: Publishing exploit code - what is it good for Ill will (Jun 30)
- Re: Publishing exploit code - what is it good for Gary E. Miller (Jun 30)
- Re: Publishing exploit code - what is it good for Steve Milner (Jun 30)
- Re: Publishing exploit code - what is it good for Matt . Carpenter (Jun 30)
- Re: Publishing exploit code - what is it good for Michael Holstein (Jun 30)
- Re: Publishing exploit code - what is it good for Jason Coombs (Jun 30)
- Re: Publishing exploit code - what is it good for Kenneth Ng (Jun 30)
- Re: Publishing exploit code - what is it good for KF (lists) (Jun 30)
- Re: Publishing exploit code - what is it good for Jason Coombs (Jun 30)
- RE: Publishing exploit code - what is it good for James C Slora Jr (Jun 30)
- Re: Publishing exploit code - what is it good for Thomas Reinke (Jun 30)
- Re: Publishing exploit code - what is it good for John Madden (Jun 30)
- Re: Publishing exploit code - what is it good for Skip Carter (Jun 30)
- Re: Publishing exploit code - what is it good for Damian Menscher (Jun 30)
- RE: Publishing exploit code - what is it good for Glenn.Everhart (Jun 30)
- Re: Publishing exploit code - what is it good for Joxean Koret (Jun 30)
- RE: Publishing exploit code - what is it good for Matt Huston (Jun 30)
- Re: Publishing exploit code - what is it good for John Horn (Jun 30)
- RE: Publishing exploit code - what is it good for Todd Towles (Jun 30)