Having proof of concept code is always valuable (and the sooner the better), but I question releasing exploits that execute code on the target machine. Having a DoS PoC is enough... The legitimate pentesters will be able to modify the PoC to execute code on the target while, at the same time, the "kiddies" will be stuck with something of little or no use to them. This way everybody is happy. Some of you might say that some "kiddies" will be able to modify the DoS PoC to execute code for their malicious needs. Well, if this is the case, then we are no longer dealing with "kiddies"... If they can do this then they are capable of creating their own exploits...
kcq -----Original Message----- From: johnny cyberpunk [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 11:37 AM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] no more public exploits hi, this is an anouncement that i personally have no more intention to publish any further exploits to the public. too many flames from guys who are too lame to use the exploits or to fix offsets for other targets. too many risks that kiddies around the world use it for bad purposes. i saw, that the original intention, to publish exploits, for pentesting or patch verifing purposes didn't work. remember, that i speak just for me, not for the rest of the group. cheers, johnny cyberpunk/thc _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
