Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: no more public exploits

From: "Duquette, John" <john.duquette () eds com>
Date: Tue, 27 Apr 2004 12:52:26 -0500
That is a terrible policy to follow.  If the vulnerability is real enough
for the vendor to publish a patch, then sysadmins should patch their
systems.  Haven't all the recent worms taught people anything?

However, Johnny I'm sorry to see that people who can't control themselves on
the Internet have forced you to stop publishing code.  Can't say I blame
you, but I don't have to like it.


-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Yabby
Sent: Tuesday, April 27, 2004 1:06 PM
To: johnny cyberpunk; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] no more public exploits


Even though I think that the publication of your code might 
have been a couple of weeks too soon: too bad you chose to 
abandon full disclosure. A lot of people do not have the 
skills to transform theoretical vulnerabilities into 
practical exploits. With the lack of proof that the 
vulnerability can really be exploited, a lot of sysadmins 
will decide not to patch, leaving the holes in tact for the 
real blackhats, that have possession of the malicious code anyway....

maarten


this is an anouncement that i personally have no more intention to 
publish any


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: