[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Firefox Remote Compromise Leaked
- To: tuytumadre@xxxxxxx
- Subject: Re: [Full-disclosure] Firefox Remote Compromise Leaked
- From: Jason Coombs <jasonc@xxxxxxxxxxx>
- Date: Sat, 07 May 2005 22:14:48 -1000
tuytumadre@xxxxxxx wrote:
So apparently, the secret is out. I wish that this could have been used
for good purposes but I guess that just isn't possible these days...
What 'good purposes' did you have in mind?
What higher purpose is there above full disclosure with a proof of
concept? Disclosure spreads awareness, and awareness allows defense.
The secret is no longer a secret, and it didn't remain one as long as
you had hoped it would. This reduces the chances that the secret will be
exploited against people who aren't aware that there is a secret.
Nothing at all would have been gained by delaying disclosure, other than
to give attackers a bigger window of opportunity to mount successful
attacks and design new exploits that will launch successfully against a
completely unprepared computing public.
Your belief that you could keep a secret, or that you have any right to
keep such a secret even if you could, is moronic and it's wrong-headed.
Sincerely,
Jason Coombs
jasonc@xxxxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/