Security Incidents mailing list archives
CERT policy is not to distribute exploits Re: More info regarding: std.pl, the rpc.statd linux mass rooter
From: marc <marc () ZOUNDS NET>
Date: Sun, 17 Dec 2000 14:43:31 -0600
I sent my last post too soon, CERT's faq says they do not distribute exploits: Q: Does this mean CERT/CC is going "full disclosure?" A: We will not distribute exploits, if that's what "full disclosure" means. In our experience, the number of people who can benefit from the availability of exploits is small compared to the number of people who get harmed by people who use exploits maliciously. We will, however, disclose information about vulnerabilities that we might not have previously disclosed. Within the limits of our resources, we will publish information about as many vulnerabilities as we can. marc On 16 Dec 2000, Rainer Weikusat wrote:
marc <marc () ZOUNDS NET> writes:I've heard different things from a lot of people about this. I do not feel comfortable posting the script itself,[...]I will take the full script and send it to CERT, who has requested a copy,<URL:/http://www.kb.cert.org/vuls/html/disclosure> Fortunately, so to say... -- SIGSTOP
marc -*- >*< -*- Christmas list tagline. -*- >*< -*- I hate picking out gifts, dont you? It can be a real hassle. To help out anyone that may consider buying me a gift, I have included a helpful list below. Velcro cable ties. They hold cables together and are reusable. $3, and available many places in computer or stero departments. Ive even seen these at Home Depot. Glowsticks. They are lots of fun, no? Just crack them and they glow for hours. $2, available many places, such as walmart or Home Depot. Sandman Anthologies. Upscale, these will run you around $ 20. These are paper bound books with a slick cover, usually found in bookstores near comic book collections. Published by DC Comics, and written by Neil Gaiman. I have only three of these: "brief lives" "Dream Country" and "The Dream Hunters" (book) If, for some reason, you feel like spending more than $20, please write a check to one of the following: http://www.epic.org http://www.aclu.org
Current thread:
- CERT policy is not to distribute exploits Re: More info regarding: std.pl, the rpc.statd linux mass rooter marc (Dec 18)