[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] no more public exploits and general PoC gui de lines
- To: johncybpk@xxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx
- Subject: RE: [Full-Disclosure] no more public exploits and general PoC gui de lines
- From: kquest@xxxxxxxxxxxx
- Date: Tue, 27 Apr 2004 14:36:03 -0400
Having proof of concept code is always valuable
(and the sooner the better),
but I question releasing exploits that execute code
on the target machine. Having a DoS PoC is enough...
The legitimate pentesters will be able to modify the
PoC to execute code on the target while, at the same
time, the "kiddies" will be stuck with something of
little or no use to them. This way everybody is happy.
Some of you might say that some "kiddies" will be able
to modify the DoS PoC to execute code for their malicious
needs. Well, if this is the case, then we are no longer
dealing with "kiddies"... If they can do this then they
are capable of creating their own exploits...
kcq
-----Original Message-----
From: johnny cyberpunk [mailto:johncybpk@xxxxxxx]
Sent: Tuesday, April 27, 2004 11:37 AM
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] no more public exploits
hi,
this is an anouncement that i personally have no more intention to publish
any
further exploits to the public. too many flames from guys who
are too lame to use the exploits or to fix offsets for other
targets. too many risks that kiddies around the world use it for
bad purposes. i saw, that the original intention, to publish
exploits, for pentesting or patch verifing purposes didn't work.
remember, that i speak just for me, not for the rest of the group.
cheers,
johnny cyberpunk/thc
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html