Dailydave mailing list archives
Re: Vulnerabilities Hashes DB needed
From: LMH <lmh () info-pull com>
Date: Wed, 9 May 2007 15:21:07 +0200
On 5/7/07, Dave Aitel <dave.aitel () gmail com> wrote:
There's only one company in the whole world that says "buffer overrun" and that's Microsoft.
Don't forget about Apple there. Oh wait, they just don't say! ;PPPpppppPPp (tm)
Anyways, if vendor monopoly disclosure annoys you, stop doing it. Why aggravate yourself by doing work for other people for free? Life is short. If all you really want is fame, then sell the bugs to whoever can get you the most fame fastest. Or just post them to the list. And I don't think we need a separate hashes list, since dailydave or full disclosure works fine for that and, importantly, is mirrored all over the place.
Apparently nowadays the security industry thinks that the really sexy stuff is actually disclosing issues to vendors. The more, the better. They release one single issue in an utterly crappy piece of software with more flaws than the US education budget, and make a world out of it. Some random junkhead releases one daily and they call him a publicity stunt then ;-) Heck, that's a pretty well balanced situation, isn't it? I'm back playing with my mighty turkey. Hehe. Looks like exploitation techniques, and all that stuff is not hot anymore. And everyone who likes that can't apply for CISSP examination.
I guess my point is this: if you deal the cards, you can make the rules. Otherwise, silence is usually the best option.
It's kind of a dream, but hopefully someday a so-called security company will start making some profit out of the real work and concentrate a bit less on publicity. PR and ladies are good and all that, but I know how it feels to deal with reporters and they aren't the brightest guys on Earth. There are exceptions (really), but just look over some and their relationships towards certain security vendors in time. BTW, how's the average salary for professional trolling these days? I wanna send an application. Is Larry Seltzer still managing that kind of stuff? Or Lynn Fox (the girl who kidnaps Fox Mulder's sister in the X Files). Keep it real. [1]
[1]: http://www.youtube.com/watch?v=FjKMhtyI3L8
[2]: http://en.wikipedia.org/wiki/Law_%28Da_Ali_G_Show%29 (Brüno interview)
[3]: http://en.wikipedia.org/wiki/War_%28Da_Ali_G_Show%29