What does having the exploit code attached to the vulnerability description do to prevent one from researching something? Are the advisories not enough to point you in the right direction?
I don't see why everyone is freaking out over SF removing exploit code -- who cares. Get it elsewhere or make your own. The advisories are still there, the information is still there. Maybe we will get lucky and this will put a few consultants out of business -- wishful thinking....

On Sun, 12 Jan 2003, O.C.Rochford wrote:

> Date: Sun, 12 Jan 2003 13:46:12 +0000
> From: O.C.Rochford <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Fwd: fuck symantec & boycott bugtraq
>
> hello
>
> that is quite frankly a lot of bollocks.
>
> fact is that you can't research everything yourself, the amount of
> information is just too great, all this does is remove a place where
> people's own research can be speeded up without having to reinvent the
> wheel, as well as sharing the findings of research.
>
> If you are saying you can audit the code of a whole OS yourself, then
> you must be a code god, and all of these people who bitch about
> "scriptkiddies" and the like just stealing other people's research
> should only say so if they have never made use of these sources
> themselves.
> You have to start somewhere to learn, and you have to be able to pool
> resources to share the load in auditing the amount of code and
> programs available today.
>
> regards
> O.C.Rochford
>
> Saturday, January 11, 2003, 10:00:08 PM, you wrote:
>
> r> -----BEGIN PGP SIGNED MESSAGE-----
>
> r> [Full-Disclosure] Fwd: fuck symantec & boycott bugtraq
>
> >>(snip) They went out of their way
> >>to intentionally remove a feature from the public database. It's not
> >>like they've decided it's too much work to keep maintaining or
> >>something, they've got paying customers for the commercial version.
> >>I can only imagine that this was a policy decision because Symantec
> >>didn't want to be seen as hosting the exploits they are trying to
> >>protect their customers against. Same reason they don't make
> >>malicious code samples available to the public.
>
> r> Corporate ass-covering and profiteering at its worst. No great shock
> r> there.
>
> r> Not that any of this matters, in the long run: the only people this is
> r> going to impact in the slightest are script kiddies (the standard
> r> variety, as well as hidebound "professionals" firmly attached to the
> r> corporate teat) too stupid or lazy to research the information
> r> themselves. The community will adapt, one way or another. Those left
> r> behind will have only themselves to blame.
>
> r> I say anything which speeds up the Darwinian course of events can only
> r> be a good thing. Let's hear it for natural selection.
>
> r> Ratel.
>
> r> ***
>
> r> "Americans used to roar like lions for liberty. Now we bleat
> r> like sheep for security." - Norman Vincent Peale.
>
> r> -----BEGIN PGP SIGNATURE-----
> r> Version: MailVault 2.2 from Laissez Faire City http://www.mailvault.com
>
> r> iQA/AwUAPiCT0uYNtyh3zif9EQJSRwCfSrfi9LtzXPMa9mHKxso+BtGVMF4AoJDe
> r> qq50xusT9pgg4K4OKm/ucoUK
> r> =A4oR
> r> -----END PGP SIGNATURE-----
>

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
"I don't intend to offend, I offend with my intent"
[EMAIL PROTECTED]
http://www.nmrc.org/~hellnbak
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
