[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] forgotten credit

To: johnny cyberpunk <johncybpk@xxxxxxx>
Subject: Re: [Full-Disclosure] forgotten credit
From: Bugtraq Security Systems <research@xxxxxxxxxxx>
Date: Fri, 30 Apr 2004 06:07:32 -0400 (EDT)

Dear Johnny,

All of us at Bugtraq Security mourn your loss as a soldier for full
disclosure. Your advances in cut and paste exploit development will
be missed.

Love,
Team Bugtraq Security

On Fri, 30 Apr 2004, johnny cyberpunk wrote:

> hi all,
>
> first i have to apologize that i've forgotten to also credit juliano from
> corest in my exploit.
> i've now heard that he, next to halvar, was also involved while reversing
> the SSL/PCT bug.
> sorry, credits should always go to the people that had the most work with
> it.
>
> in addition i wanna thank everyone who send a private mail, regarding my
> decision not to release any further exploits,
> but i think it's better not to publish exploitcode any further. i thought
> long enough about it,
> and came to the conclusion, that admins or pentesters have enough
> possibilties to test their
> environments if the servers are vulnerable or not.
>
> there are enough good tools out there to test if the vulnerabilities exist
> or not.
>
> eg. core impact is a really good choice for every company who takes security
> serious and wants
> to check their servers for existing bugs. lots of very good and stable
> information gathering tools and fresh exploits
> are offered in this software.
>
> further developing stable exploits is a very time consuming thing and most
> pentesters are not payed for writing
> exploits, for possible vulns they find when auditing a company, coz in most
> cases it would exceed the time a pentester has for the audits.
>
> hence software like impact is also very useful for pentesting companies.
>
> the good thing is, that it's much harder for script kiddies to get in touch
> with powerful exploits like this one,
> but admins and pentesters are still able to test for vulnerabilities.
>
> sure, there will be others who release exploits.that's for sure, but then
> it's not me who has contributed code that
> could result to mass owning or virus spreading.
>
> i'll still working on releasing some papers or handy tools in future, but no
> more exploits will go to the public.
>
> please, accept my decision.
>
> with regards,
> johnny cyberpunk/thc
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] forgotten credit
  - From: johnny cyberpunk

Prev by Date: [Full-Disclosure] viruses being sent to list
Next by Date: Re: [Full-Disclosure] i'm searching for good and big dictionaries
Previous by thread: [Full-Disclosure] forgotten credit
Next by thread: [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security)
Index(es):
- Date
- Thread