[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] no more public exploits

To: Dave Aitel <dave@xxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] no more public exploits
From: nicolas vigier <boklm@xxxxxxxxxxxxxxxx>
Date: Wed, 28 Apr 2004 01:47:10 +0200

On Tue, 27 Apr 2004, Dave Aitel wrote:

> 
> Well, if it's that much of an issue, you can always buy your exploits
> from a commercial source, such as Immunity
> (http://www.immunitysec.com/CANVAS/ . We have an LSASS (one exploit
> fits all) and a PCT exploit (ported from SP0-4), so you can show all
> your management exactly why they should patch. And you can also feel
> secure that the exploits you download aren't trojaned when you're
> using something with commercial support. At $995 for a full site
> license, including source, CANVAS is cheaper than the alternative...

This is interesting ... This mean that anyone who have enought money
can get the exploits they want. And if people can get theses exploits
as easily, an admin cannot ignore them, and there is no reason to
avoid a public release because the people who really want them for
a bad action aldready have them (they only need money).

And this program seems pretty usefull ...
Does any open source program similar to this one aldready exists ?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] no more public exploits
  - From: Dave Aitel

References:
- RE: [Full-Disclosure] no more public exploits
  - From: Ng, Kenneth (US)
- Re: [Full-Disclosure] no more public exploits
  - From: Dave Aitel

Prev by Date: Re: [Full-Disclosure] no more public exploits and general PoC gui de lines
Next by Date: Re: [Full-Disclosure] no more public exploits
Previous by thread: Re: [Full-Disclosure] no more public exploits
Next by thread: Re: [Full-Disclosure] no more public exploits
Index(es):
- Date
- Thread