Full Disclosure mailing list archives
Re: no more public exploits
From: "Yabby" <yabby () softhome net>
Date: Tue, 27 Apr 2004 22:00:09 +0200
systems. Haven't all the recent worms taught people anything? However, Johnny, I'm sorry to see that people who can't control themselves on the Internet have forced you to stop publishing code. Can't say I blame you, but I don't have to like it.
From what I am noticing arround me, the worms of the past (especially
blaster on the windows front) have moved a lot of people to improve patching procedures and take security a lot more seriously. What I notice a lot when performing audits, for instance, is a system being nicely patched with MS03-026, but MS03-039 being absent... A substancial part of the sysadmin population (no, not the serious ones stefan ;-) shrug when their server suddenly reboots (it came back up, didn't it) and won't even notice an additional listener on their system. This last thing is not surprising, because when you keep 20 unnecessary default services running, it is not likely you will notice one more.... However, they initiate immediate action as soon as their director starts complaining that he can't use his spreadsheet because of the fact his workstation keeps rebooting... Got a question for you all. What is more harmfull: 1. exploit code that can be used to convince people that these vulnerabilities pose a realy threat. Yeah, it might evolve into a worm, but this worm will only hit the people that refuse to do what they are payed for anyway, creating awareness for the need of applying security patches at the same time. 2. no exploit code is publicly realeased, causing a lot of administrators not to take the threat seriously. Exploits are only present to parties developing them for themselfes. These parties silently use the exploits on financial instituations, that won't notice or (when finding out) are too embarrassed to make the event public. OR, private exploits are used by foreign countries or multinationals in order to gain a competitative edge... I'll go for the first one if you don't mind... Fact remains that I think that releasing exploit code two weeks after the patch has been made available is a bit quick. Responsible researchers would do everyone a favor on waiting at least a month to allow for full regression testing in testing and pre-production environments... 
maarten (Who knows that choosing between two wrongs doesn't make one right, but still... you have to make a choice)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
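The post above makes the point that one extra listener goes unnoticed on a box already running twenty default services. The practical answer is to snapshot the listening sockets once and diff against that baseline, which is what this added example does; it is not code from the original post or from anyone in the thread. It assumes the column layout of Windows `netstat -ano` output (Proto, Local Address, Foreign Address, State, PID); the two snapshots embedded below are constructed for illustration, and port 4444 / PID 2312 in the "current" snapshot are invented values, not a reference to any real service.

```python
"""Baseline-and-diff of listening sockets.

Added example, not code from the original post. Parses netstat -ano style
rows (assumed Windows column layout) and reports listeners that were not in
the baseline snapshot, together with the owning PID.
"""
import re
from typing import Dict, Tuple

# One `netstat -ano` row: Proto, Local Address, Foreign Address,
# optional State (UDP rows have none), PID.  Assumed layout.
_ROW = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"(?:\s+(?P<state>[A-Z_]+))?\s+(?P<pid>\d+)\s*$"
)

Listener = Tuple[str, str]  # (protocol, local address:port)


def parse_listeners(netstat_output: str) -> Dict[Listener, int]:
    """Return {(proto, local_addr): pid} for every listening socket.

    TCP rows count only when in LISTENING state (established sessions are
    not listeners); UDP rows carry no state and are all treated as listeners.
    Header and blank lines do not match the row pattern and are skipped.
    """
    listeners: Dict[Listener, int] = {}
    for line in netstat_output.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        proto, state = m.group("proto"), m.group("state")
        if proto == "TCP" and state != "LISTENING":
            continue
        listeners[(proto, m.group("local"))] = int(m.group("pid"))
    return listeners


def new_listeners(baseline: str, current: str) -> Dict[Listener, int]:
    """Listeners present in `current` that were absent from `baseline`."""
    before = parse_listeners(baseline)
    after = parse_listeners(current)
    return {key: pid for key, pid in after.items() if key not in before}


# Constructed sample snapshots (illustrative only, not captured from a host).
BASELINE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       876
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1108
  TCP    10.0.0.5:3389          10.0.0.20:51234        ESTABLISHED     1108
  UDP    0.0.0.0:123            *:*                                    1020
"""

# Same host later: one new TCP listener (hypothetical port/PID) plus a new
# established session, which must not be reported as a listener.
CURRENT = BASELINE + """
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       2312
  TCP    10.0.0.5:445           10.0.0.21:49152        ESTABLISHED     4
"""


def report(baseline: str, current: str) -> str:
    """Human-readable summary of the diff, one line per new listener."""
    added = new_listeners(baseline, current)
    if not added:
        return "no new listeners"
    return "\n".join(
        f"NEW LISTENER {proto} {local} owned by PID {pid}"
        for (proto, local), pid in sorted(added.items())
    )


if __name__ == "__main__":
    print(report(BASELINE, CURRENT))
```

In practice the baseline is taken right after a clean build and kept off the host, and the diff runs on a schedule; mapping the reported PID back to an image path (`tasklist /svc` on the same host) is the next step when a new listener shows up.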
Current thread:
- no more public exploits johnny cyberpunk (Apr 27)
- Re: no more public exploits Yabby (Apr 27)
- RE: no more public exploits Curt Purdy (Apr 27)
- Re: no more public exploits list (Apr 28)
- Re: no more public exploits rd (Apr 28)
- <Possible follow-ups>
- RE: no more public exploits Duquette, John (Apr 27)
- Re: no more public exploits Dave Sherohman (Apr 27)
- Re: no more public exploits Yabby (Apr 27)
- Detecting newly added Windows Services (was: no more public exploits) Marcel Krause (Apr 28)
- RE: no more public exploits Douglas Carvalho (Apr 27)
- RE: no more public exploits Ng, Kenneth (US) (Apr 27)
- Re: no more public exploits Dave Aitel (Apr 27)
- Re: no more public exploits nicolas vigier (Apr 27)
- Re: no more public exploits Dave Aitel (Apr 27)
- Re: no more public exploits Dave Aitel (Apr 27)
- RE: no more public exploits Ng, Kenneth (US) (Apr 27)
- Re: no more public exploits chris (Apr 27)
- Re: no more public exploits james (Apr 27)
- Re: no more public exploits Felipe Cerqueira - skylazart (Apr 28)