Comments inline.

----- Original Message -----
From: <andy_mnat_private>
To: <full-disclosureat_private>; <incidentsat_private>
Sent: Thursday, September 12, 2002 10:04 AM
Subject: Re: [Full-Disclosure] RE: remote kernel exploits?

...
> choose just because of someone's choice of operating system? And
> what kind of researcher would've given them these tools before
> notifying the rest of us anyway? I really think it's time
...
> to. So in other words, unless one of these brats comes forward
> or the irresponsible security professional who was reckless
> with the information, we can never be sure that we have an
> operating system with these bugs fixed.
...

Why is it that everyone seems to assume that the only people with enough skills to find and abuse an exploit is a "security researcher"? Or a "security professional"? *Please*... Do you have any idea how long it took for the format string vulnerabilities to make it 'public' after they had been discovered?

> If they don't deface websites with these exploits, then what
> do they do? Steal credit card information? Makes little
> difference to my argument.

Yup. Or gain access to more 'entertaining' sites. What do you understand to be blackhat motivation? What is a blackhat?

Regards,
Andrew

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Fri Sep 13 2002 - 11:03:48 PDT