Full Disclosure mailing list archives
CVS REMOTE VULNERABILITY + STEFAN ESSER : UNSCRUPULOUS
From: Jack Ahz <anoncoder () yahoo com>
Date: Mon, 20 Jan 2003 15:47:28 -0800 (PST)
It comes to our attention that certain 'security professionals' abuse their knowledge of certain vulnerabilities or software - whether through the auditing of proprietary source trees that ISS does, or by faking GDB output.... But perhaps the greatest abuse is generated by the most unethical whitehat known as 'Stefan Esser.'

What is worse than somebody who preys on the findings and hard work of others and passes it off as his own? This is something that Stefan Esser has done consistently, releasing moderately high-profile vulnerabilities that other people have discovered, for which he claims credit.

What are the chances that several talented individuals find some good remote bugs, and start exploiting them in the wild (or the source code leaks), and immediately afterwards, Stefan Esser has located the vulnerable code, written an exploit for it, and published an advisory?

Example: We all remember the remote php mime bug found by teso... leaked to irc and then shortly later published by Esser. Next we have the mysql locals, and now the cvs remote... all of which were found by the same person, then shortly afterwards conveniently "found" by e-matters security, researched, and published.

Refuse to acknowledge/support whitehat criminals who siphon off the intellectual property of others and attempt to capitalize on it. If people are going to act like jackasses, and publish bugs/exploits, then they should at least find their own. Nobody likes e-matters/lcamtuf/netcat.it style advisories, and these people will be promptly tossed into the whitehat oven and incinerated in the future.

Oo~-* Good day *-~oO

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
