I agree to Bernard J. Duffys point: +1
First test all patches in a test environment before applying.
If all went OK then apply patches networkwide
We use SUS (now WUS) - others to mention are SMS or CA Unicenter
With SUS you can approve updates if they are running without problems (in
the testlab)
Hello,
johnny cyberpunk wrote:
this is an anouncement that i personally have no more intention to
publish any further exploits to the public.
sad to read that. But it's your decision we have to accept, if we agree
or not, if we like it or not.
too many flames from guys who are too lame to use
Cael Abal said:
Realistically,the lack of a widespread published exploit means an
attack on any given machine is less likely. An admin who chooses
to ignore these probabilities isn't looking at their job with the right
perspective.
You missed the IMHO.
In the Military your generalisation is
Hello,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
nicolas vigier wrote:
| On Tue, 27 Apr 2004, Dave Aitel wrote:
|
| Well, if it's that much of an issue, you can always buy your
| exploits from a commercial source, such as Immunity
| (http://www.immunitysec.com/CANVAS/ . We have an LSASS (one
--
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Evgeny
Demidov
Sent: mercredi 28 avril 2004 11:27
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] no more public exploits
Hello,
-BEGIN PGP SIGNED MESSAGE-
Hash
johnny, take it easy and ignore those lamers, kiddies, and also M$'s
retardates who tried to down thc site to prevent the exploit to be
downloaded. Just do what you like bro.
Speaking of myself, i tend to support non-disclosure than FD.
cheers,
rd/thc
On Tue, 27 Apr 2004, johnny cyberpunk
Hello,
On Wed, 28 Apr 2004 14:03:57 +0200
[EMAIL PROTECTED] wrote:
Other alternative commercial solution CORE Impact
available on
http://www.coresecurity.com/products/coreimpact/index.php,
you can watch
a flash demo on site if you want
I would like to note that there is a difference between
On Tue, 27 Apr 2004, Jedi/Sector One wrote:
On Tue, Apr 27, 2004 at 04:05:13PM -0400, [EMAIL PROTECTED] wrote:
Are you saying that unless there's an exploit
that gives you access to the target machine
your company wouldn't patch
It's a matter of priority.
For most PHBs, proactive
To All,
Well I work in this field so my .0001 cents worth I use s alot of Host IDS
installation across diverse systems these exploits that come out are a good test
to see how well the system reacts one never trusts a vendor no matter how much
hard sell.
now i've tested many exploits against
On Wed, 28 Apr 2004 09:35:43 EDT, Eric LeBlanc [EMAIL PROTECTED] said:
Just to tell your boss that the
worm/DoS/exploit/wathever-that-will-cause-a-severe-damage-on-machines-and-network
will cost them more than keeping their system up to date (with proof).
That would be easy enough to do,
On Wed, 28 Apr 2004 [EMAIL PROTECTED] wrote:
On Wed, 28 Apr 2004 09:35:43 EDT, Eric LeBlanc [EMAIL PROTECTED] said:
So you're left with:
1) Install the patch during the regular patching schedule, with known cost $X
and additional unknown cost $Y if the patch is bad. In addition, this
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] no more public exploits and general PoC
gui de lines
On Tue, 27 Apr 2004, Jedi/Sector One wrote:
On Tue, Apr 27, 2004 at 04:05:13PM -0400, [EMAIL PROTECTED] wrote:
Are you saying that unless there's an exploit
that gives you access to the target
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo Kenneth!
On Wed, 28 Apr 2004, Ng, Kenneth (US) wrote:
... the general line of thought seems to be until there is an active
exploit that is blowing away machines on my network, we will do nothing.
Same goes for the vendors. They deny there is
Are you saying that the military has standardized best practices that
mandate the immediate installation of vendor OS patches? If they do, I
highly doubt that such policies are widely adhered to.
The fact is, quickly released security patches can and often do break
applications, particularly when
-Original Message-
From: [EMAIL PROTECTED] [mailto:full-disclosure-
[EMAIL PROTECTED] On Behalf Of Bernard J. Duffy
Sent: Wednesday, April 28, 2004 3:38 PM
To: [EMAIL PROTECTED]
Subject: Re: AW: [Full-Disclosure] no more public exploits
[Soderland, Craig] Much Stuff filtered.
I
: Wednesday, April 28, 2004 3:38 PM
To: [EMAIL PROTECTED]
Subject: Re: AW: [Full-Disclosure] no more public exploits
Are you saying that the military has standardized best practices that
mandate the immediate installation of vendor OS patches? If they do, I
highly doubt that such policies are widely
Of Bernard J.
Duffy
Sent: Wednesday, April 28, 2004 3:38 PM
To: [EMAIL PROTECTED]
Subject: Re: AW: [Full-Disclosure] no more public exploits
Are you saying that the military has standardized best practices that
mandate the immediate installation of vendor OS patches? If they do, I
highly doubt
hi,
this is an anouncement that i personally have no more intention to publish
any
further exploits to the public. too many flames from guys who
are too lame to use the exploits or to fix offsets for other
targets. too many risks that kiddies around the world use it for
bad purposes. i saw, that
Even though I think that the publication of your code might have been a
couple of weeks too soon: too bad you chose to abandon full disclosure. A
lot of people do not have the skills to transform theoretical
vulnerabilities into practical exploits. With the lack of proof that the
vulnerability can
-Disclosure] no more public exploits
Even though I think that the publication of your code might
have been a couple of weeks too soon: too bad you chose to
abandon full disclosure. A lot of people do not have the
skills to transform theoretical vulnerabilities into
practical exploits
do this then they
are capable of creating their own exploits...
kcq
-Original Message-
From: johnny cyberpunk [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 27, 2004 11:37 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] no more public exploits
hi,
this is an anouncement that i
2004 19:06
An: johnny cyberpunk; [EMAIL PROTECTED]
Betreff: Re: [Full-Disclosure] no more public exploits
Even though I think that the publication of your code might
have been a couple of weeks too soon: too bad you chose to
abandon full disclosure. A lot of people do not have the
skills
Unsubscribe me please
From: johnny cyberpunk [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] no more public exploits
Date: Tue, 27 Apr 2004 17:36:37 +0200
hi,
this is an anouncement that i personally have no more intention to publish
any
further exploits to the public. too
johnny cyberpunk wrote:
snip
i saw, that the original intention, to publish
exploits, for pentesting or patch verifing purposes didn't work.
remember, that i speak just for me, not for the rest of the group.
Hate to hear that johny but I hope others don't follow your lead. I find
exploits and
On Tue, Apr 27, 2004 at 12:52:26PM -0500, Duquette, John wrote:
That is a terrible policy to follow. If the vulnerability is real enough
for the vendor to publish a patch, then sysadmins should patch their
systems. Haven't all the recent worms taught people anything?
The problem is that many
On Tue, 2004-04-27 at 14:06, Baum, Stefan wrote:
IMHO, no sysadmin taking his work seriously, will wait patching the systems
until an exploit is available throughout the internet.
That may be the case with a handful. But MOST sysadmins that do take
their work seriously DON'T fire for effect
... to say the least.
kcq
-Original Message-
From: Harlan Carvey [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 27, 2004 3:37 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] no more public exploits and general PoC
gui de lines
Well, then the hole
systems. Haven't all the recent worms taught people anything?
However, Johnny I'm sorry to see that people who can't control themselves
on
the Internet have forced you to stop publishing code. Can't say I blame
you, but I don't have to like it.
From what I am noticing arround me, the worms
. April 2004 19:06
An: johnny cyberpunk; [EMAIL PROTECTED]
Betreff: Re: [Full-Disclosure] no more public exploits
Even though I think that the publication of your code might
have been a couple of weeks too soon: too bad you chose to
abandon full disclosure. A lot of people do not have the
skills
To: johnny cyberpunk; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] no more public exploits
Even though I think that the publication of your code might have been a
couple of weeks too soon: too bad you chose to abandon full disclosure. A
lot of people do not have the skills to transform theoretical
Well, then the hole you get stuck in with that
particular situation is systems going unpatched, b/c
there is no exploit for the vulnerability.
A company I used to work for was that way. Regardless
of what security strongly recommended, patches weren't
being installed in a timely manner...largely
that
accidentally break competitors products. There is plenty of blame to go
around.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Duquette,
John
Sent: Tuesday, April 27, 2004 1:52 PM
To: Yabby; [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] no more public exploits
On Tue, 27 Apr 2004 20:06:33 +0200, Baum, Stefan [EMAIL PROTECTED] said:
IMHO, no sysadmin taking his work seriously, will wait patching the systems
until an exploit is available throughout the internet.
You've obviously never been the sysadmin who has a corporate VP breathing down
your neck
: Tuesday, April 27, 2004 1:06 PM To: johnny cyberpunk;
| [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] no
| more public exploits
|
|
| Even though I think that the publication of your code might have
| been a couple of weeks too soon: too bad you chose to abandon full
| disclosure. A lot of people
On Tue, Apr 27, 2004 at 04:05:13PM -0400, [EMAIL PROTECTED] wrote:
Are you saying that unless there's an exploit
that gives you access to the target machine
your company wouldn't patch
It's a matter of priority.
For most PHBs, proactive security must be very low priority because
keeping
Heres my two cents :-/
Exploit code is better kept private.
Advisories should be public.
Why?
Because exploit code is not easy to write depending on the bug. And I
for one sure dont want some 'penetration tester' taking my code and
plugging it into his automated scanner and collecting the
Stupid question here...
So the entire point about the not releasing PoC code is so that admins don't
have to worry about patching?
Isn't this anti-security?
I would personally prefer my computer in the middle minefield knowing where
the mines are rather than being in a minefield with only half
On Tue, 27 Apr 2004, Dave Aitel wrote:
Well, if it's that much of an issue, you can always buy your exploits
from a commercial source, such as Immunity
(http://www.immunitysec.com/CANVAS/ . We have an LSASS (one exploit
fits all) and a PCT exploit (ported from SP0-4), so you can show all
And my two cents :
yawn
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Poof [EMAIL PROTECTED] writes:
Stupid question here...
So the entire point about the not releasing PoC code is so that admins don't
have to worry about patching?
[This isn't criticism of anyone; I grabbed a copy of Johnny's exploit
for testing purposes as soon as it came out, and was glad to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
nicolas vigier wrote:
| On Tue, 27 Apr 2004, Dave Aitel wrote:
|
| Well, if it's that much of an issue, you can always buy your
| exploits from a commercial source, such as Immunity
| (http://www.immunitysec.com/CANVAS/ . We have an LSASS (one
|
: James Riden [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, April 28, 2004 11:56 AM
Subject: Re: [Full-Disclosure] no more public exploits and general PoC gui
de lines
Poof [EMAIL PROTECTED] writes:
Stupid question here...
So the entire point about the not releasing PoC code is so
Baum, Stefan wrote:
IMHO, no sysadmin taking his work seriously, will wait patching the systems
until an exploit is available throughout the internet.
Stefan
(I AM A SYSADMIN)
Cripes, this is the thread that never ends.
What if there were two patches fixing vulnerabilities of equal severity,
one
of the
exploit but did a lot on the advisory. Just a n00bie view.
Borg wrote:
Message: 28
Date: Tue, 27 Apr 2004 13:19:44 -0400
From: chris [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] no more public exploits
Heres my two cents :-/
Exploit code is better kept private.
Advisories
44 matches
Mail list logo