Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Symantec Buys SecurityFocus, among others....
From: full-disclosure () lists netsys com (James Martin)
Date: Fri, 19 Jul 2002 14:46:02 +0100

Release exploits with the vaguest of descriptions as to how they work
(lost for examples -- just copy'n'paste the "technical bits" of some
of the security bulletins from MS...).  Have the _only_ PoC code a
compiled binary loaded with copyright notices forbidding reversing,
etc.  Be sure to use some "encryption" (extremely trivial is OK as
complexity doesn't matter; can you say XOR?) in the PoC to "protect"
the important secret (generally the overflow "string" itself).  Be
Ummm surely just sniffing the exploit string being sent, will reveal the
string itself in 99% of cases (remote exploits that is). Is watching the
data a program sends across a network reverse engineering??


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]