Full Disclosure mailing list archives

RE: RE : RE : [Secure Network Operations, Inc.] FullDisclosure != Exploit Release


From: "Ken Pfeil" <Ken () infosec101 org>
Date: Wed, 29 Jan 2003 16:24:55 -0500

<*sigh*>..(Help me Jeebus...)
Did you bother to think *at all* before spewing this out, or are you
trolling?
OK, I've got 2 minutes free, I'm game..

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Giri,
Sandeep
Sent: Wednesday, January 29, 2003 3:00 PM
To: 'full-disclosure () lists netsys com'
Subject: RE: RE : RE : [Full-disclosure] [Secure Network Operations,
Inc.] FullDisclosure != Exploit Release


Hi!
From a security professional's point of view, releasing an exploit is
beneficial.

I guess you're the "professional", or are you expressing someone else's
viewpoint?

If he releases exploit someone would certainly write a virus for the same.
Which will make companies realise the benefit in hiring the security
professionals.

I'd frame this little number if I were you. It'll make dandy literature for
a potential client, maybe circulate it with your resume?

So, from my point of view, writing viruses which doesn't
physically destroy
any thing is also okay;)

Care to clarify this? So I guess a POC fer turning people inside-out ain't
gonna fly in your book, huh? It's good to have scruples.


Sorry, if it hurts the ethics..and if it sends wrong singnals
about my area
of work.

Yeah, I can see this making into the CISSP ethics clause now <hehe>.


Thanks.
Regards,
Sandeep Giri


<snip>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Current thread: