RE: remote kernel exploits?

[andrew () generator co za (Andrew Thomas)]

Comments inline.

----- Original Message ----- 
From: <andy_mn () hushmail com>
To: <full-disclosure () lists netsys com>; <incidents () securityfocus com>
Sent: Thursday, September 12, 2002 10:04 AM
Subject: Re: [Full-disclosure] RE: remote kernel exploits?


...
> choose just because of someone's choice of operating system? And
> what kind of researcher would've given them these tools before
> notifying the rest of us anyway? I really think it's time
...
> to. So in other words, unless one of these brats comes forward
> or the irresponsible security professional who was reckless
> with the information, we can never be sure that we have an
> operating system with these bugs fixed.
...
Why is it that everyone seems to assume that the only people with
enough skills to find and abuse an exploit is a "security researcher"?
Or a "security professional"? 

*Please*...

Do you have any idea how long it took for the format string 
vulnerabilities to make it 'public' after they had been discovered?

> If they don't deface websites with these exploits, then what
> do they do? Steal credit card information? Makes little
> difference to my argument.

Yup.

Or gain access to more 'entertaining' sites. What do you understand 
to be blackhat motivation?

What is a blackhat?

Regards,
  Andrew