Dailydave mailing list archives

Re: Vulnerabilities Hashes DB needed


From: LMH <lmh () info-pull com>
Date: Wed, 9 May 2007 15:21:07 +0200

On 5/7/07, Dave Aitel <dave.aitel () gmail com> wrote:
There's only one company in the whole world that says "buffer overrun" and
that's Microsoft.

Don't forget about Apple there. Oh wait, they just don't say! ;PPPpppppPPp (tm)

Anyways, if vendor monopoly disclosure annoys you, stop doing it. Why
aggravate yourself by doing work for other people for free? Life is short.
If all you really want is fame, then sell the bugs to whoever can get you
the most fame fastest. Or just post them to the list. And I don't think we
need a separate hashes list, since dailydave or full disclosure works fine
for that and, importantly, is mirrored all over the place.

Apparently nowadays the security industry thinks that the really sexy
stuff is actually disclosing issues to vendors. The more, the better.
They release one single issue in an utterly crappy
piece of software with more flaws than the US education budget, and
make a world out of it.
Some random junkhead releases one daily and they call him a publicity
stunt then ;-)

Heck, that's a pretty well balanced situation, isn't it? I'm back
playing with my mighty turkey.
Hehe.

Looks like exploitation techniques, and all that stuff is not hot
anymore. And everyone who likes that can't apply for CISSP
examination.

I guess my point is this: if you deal the cards, you can make the rules.
Otherwise, silence is usually the best option.

It's kind of a dream, but hopefully someday a so-called security
company will start making some profit out of the real work and
concentrate a bit less on publicity. PR and ladies are good and all
that, but I know how it feels to deal with reporters and they aren't
the brightest guys on Earth. There are exceptions (really), but just
look over some and their relationships towards certain security
vendors in time.

BTW, how's the average salary for professional trolling these days? I
wanna send an application. Is Larry Seltzer still managing that kind
of stuff? Or Lynn Fox (the girl who kidnaps Fox Mulder's sister in the
X Files).

Keep it real. [1]

[1]: http://www.youtube.com/watch?v=FjKMhtyI3L8
[2]: http://en.wikipedia.org/wiki/Law_%28Da_Ali_G_Show%29 (Brüno interview)
[3]: http://en.wikipedia.org/wiki/War_%28Da_Ali_G_Show%29