[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [inbox] RE: [Full-Disclosure] What's wrong with this picture?

To: "'Replugge[ROD]'" <packet@xxxxxxx>, <Valdis.Kletnieks@xxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [inbox] RE: [Full-Disclosure] What's wrong with this picture?
From: "Curt Purdy" <purdy@xxxxxxxxxx>
Date: Thu, 26 Feb 2004 16:06:53 -0600

Replugge wrote:

>  The fact that exploit code is made available after the patch
> is released,
> is probably because the researchers
> Made the vulnerability publicly available at same time as the
> patch was
> released, otherwise MS wouldnt give
> Credit to the researchers for the vuln.

Not only that, but I have always suspected the reason for the close
follow-up releasing exploits after patch release is because the value of the
0-day that had been used for whatever purposes the writer wanted was now
null.  At that point, her pride takes over and she releases her work for the
world to see.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] What's wrong with this picture?
  - From: Replugge[ROD]

Prev by Date: RE: [Full-Disclosure] Job Opening in Maryland for Security Resear
Next by Date: [Full-Disclosure] tool to reverse engineer patches???
Previous by thread: Re: [Full-Disclosure] What's wrong with this picture?
Next by thread: FW: [Full-Disclosure] What's wrong with this picture?
Index(es):
- Date
- Thread