Full Disclosure mailing list archives
Re: DCOM RPC exploit (dcom.c)
From: security snot <booger () unixclan net>
Date: Sun, 27 Jul 2003 09:19:11 -0700 (PDT)
Sir, While I fully support the spread of malicious software to the masses, I disagree with your reasoning. I don't understand how having any of the poorly written public exploits for this vulnerability will help in the securing process in any way. Unless you mean that the threat of a worm is more realistic because now hackers, along with security professionals, both have access to some form of exploits they can use to create a worm with, and this threat is enough to convince Asian nations to update all their machines. Other than that, could you please explain how the distribution of such materials actually will "help prepare", as you say, for the upcoming worm? Thanks, -snot ----------------------------------------------------------- "Whitehat by day, booger at night - I'm the security snot." - CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ - ----------------------------------------------------------- On Sat, 26 Jul 2003, Blue Boar wrote:
Chris Paget wrote:I know this is the full-disclosure list, but working exploit code for an issue this huge is taking it a bit far, especially less than 2 weeks after the advisory comes out.I'm aware of at least 7 exploits for this vuln now. Are you really going to complain that you get to see the source for one of them? If so, that's easy enough to fix, just delete the file from your drive. Yes, this exploit will almost certainly be turned into a worm. I for one would rather see the exploit that will be the worm ahead of time, makes it easier for everyone to prepare. BB _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: DCOM RPC exploit (dcom.c), (continued)
- Re: DCOM RPC exploit (dcom.c) Jason (Jul 28)
- Re: DCOM RPC exploit (dcom.c) Robert Wesley McGrew (Jul 28)
- Re: DCOM RPC exploit (dcom.c) Robert Wesley McGrew (Jul 28)
- Re: DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Paul Schmehl (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Knud Erik Højgaard (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Paul Schmehl (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Nathan Seven (Jul 27)
- Re: DCOM RPC exploit (dcom.c) security snot (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Blue Boar (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Chris Paget (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Valdis . Kletnieks (Jul 27)
- Re: DCOM RPC exploit (dcom.c) w g (Jul 27)
- Re: DCOM RPC exploit w g (Jul 26)
- Re: DCOM RPC exploit (dcom.c) Valdis . Kletnieks (Jul 27)
