Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] forgotten credit

from [Bugtraq Security Systems] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] forgotten credit
Date: Fri, 30 Apr 2004 06:07:32 -0400 (EDT) 
Dear Johnny,

All of us at Bugtraq Security mourn your loss as a soldier for full
disclosure. Your advances in cut and paste exploit development will
be missed.

Love,
Team Bugtraq Security

On Fri, 30 Apr 2004, johnny cyberpunk wrote:


hi all,

first i have to apologize that i've forgotten to also credit juliano from
corest in my exploit.
i've now heard that he, next to halvar, was also involved while reversing
the SSL/PCT bug.
sorry, credits should always go to the people that had the most work with
it.

in addition i wanna thank everyone who send a private mail, regarding my
decision not to release any further exploits,
but i think it's better not to publish exploitcode any further. i thought
long enough about it,
and came to the conclusion, that admins or pentesters have enough
possibilties to test their
environments if the servers are vulnerable or not.

there are enough good tools out there to test if the vulnerabilities exist
or not.

eg. core impact is a really good choice for every company who takes security
serious and wants
to check their servers for existing bugs. lots of very good and stable
information gathering tools and fresh exploits
are offered in this software.

further developing stable exploits is a very time consuming thing and most
pentesters are not payed for writing
exploits, for possible vulns they find when auditing a company, coz in most
cases it would exceed the time a pentester has for the audits.

hence software like impact is also very useful for pentesting companies.

the good thing is, that it's much harder for script kiddies to get in touch
with powerful exploits like this one,
but admins and pentesters are still able to test for vulnerabilities.

sure, there will be others who release exploits.that's for sure, but then
it's not me who has contributed code that
could result to mass owning or virus spreading.

i'll still working on releasing some papers or handy tools in future, but no
more exploits will go to the public.

please, accept my decision.

with regards,
johnny cyberpunk/thc

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] i'm searching for good and big dictionaries, thE_iNviNciblE
Next by Date:  [Full-Disclosure] Heads up: Possible lsass worm in the wild, Feher Tamas
Previous by Thread:  [Full-Disclosure] forgotten credit, johnny cyberpunk
Next by Thread:  [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security), Slotto Corleone
Indexes:  [Date] [Thread] [Top] [All Lists]