[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Re: Publishing exploit code - what is it good for
- To: Aviram Jenik <aviram@xxxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Re: Publishing exploit code - what is it good for
- From: John Madden <maddenj@xxxxxxxxx>
- Date: Thu, 30 Jun 2005 19:25:17 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On (30/06/05 15:13), Aviram Jenik didst pronounce:
> What I need is a security administrator, CSO, IT manager or sys admin
> that can explain why they find public exploits are good for THEIR
> organizations. Maybe we can start changing public opinion with regards
> to full disclosure, and hopefully start with this opinion leader.
>
I sysadmin a small number of machines, mainly Debian based. When an
exploit comes out, it's usually released as "version X is vulnerable".
Debian's version numbers don't always directly match releases of the
vulnerable software, so having exploit code available helps to verify
whether or not the software is vulnerable, without having to wait for
Debians advisory, which are usually released later than the vulnerability
release. It's also very useful to decide whether you need to use a
workaround (which may cause disruption or change to the service) or not.
- --
Chat ya later,
John.
- --
BOFH excuse #1: clock speed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCxDkNQBw+ZtKOvTIRAt3oAJ9iaBMYQbS5P0j1K8Sv90L+j1cnggCbBSZ5
BHK6XUdm1pIwbJkblRVJ2sk=
=kHrg
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/