Bugtraq mailing list archives
just what is full disclosure...?
From: hobbit () bronze lcs mit edu (*Hobbit*)
Date: Wed, 30 Nov 1994 02:45:36 -0500
To me, an exploit script isn't *really* full disclosure until I pick it apart and see what it's doing, and *then* I understand what the real problem is. I wound up rewriting "mailrace" a couple of different [and more effective] ways as a result of this sort of study. "passwdrace" was even more interesting.

Thus, a description of why the bug is a bug would be *better* in my mind, with pointers to lines in the source code that are in error, and leaving the 'sploit as an exercise. Publishing the canned script is an interesting approach, but has the disadvantages that a> any idiot can run it and b> alone, it doesn't really explain the problem.

Of course, nothing prevents someone else from performing the exercise and distributing *that* as a canned 'sploit to clueless people, but that at least shifts the irresponsibility from, say, 8lgm to that someone else...

_H*
