RE: Telnetd exploit for solaris

["Oliver Petruzel" <opetruzel () cox rr com>]

> Or maybe he just has an obsession with knowing how things 
> work.  I know I do... to a fault.
>
> -- 
>
> Marc Soda

HEAR HEAR!  Well said.  And it is THAT menatality which sums up full
disclosure in its entirety. Well said...

I hate to beat a dead horse, but it seems some folks fail to see the
horse at all.  This is the Vuln-Dev mailing list - perhaps the most
dangerous of all the full disclosures because we sit in here and discuss
FUTURE holes and problems.  (so the worst offense the original poster
could have made was posting to the wrong list...) But it being dangerous
is irrelevant.  We cannot eliminate crime by banning the guns - this has
been proven.  So we should all come to this list with the open-mind and
curiosity which makes us admins or hackers to begin with...

Censoring or controlling the flow of code has only one or two merits,
and it's not in the whitehats favor I speak of.  When someone asks for a
script or a piece of elegant code which exploits a publically announced
hole, give it to them.  EVERYTIME!  Let their curiosity and experience
with it be their teacher in creating new and ultimately BETTER security
professionals. Think about it. The more Experts we create, the more
script-kiddies we catch!!

-oliver p.