Re: No Subject (re: openssh exploit code?)

["morning_wood" <se_cur_ity () hotmail com>]

 unfortunatly the windowz RPC exploit, without PoC
would have gone unheeded in patching had it not
been for a binary release of the exploit, and
that was one of the worst in history. now, despite
the millions of "owned" systems, this vulnerability
is nearly extinct. even i get PoC from friendz
that the author nor myself would release because
of the kiddi's, not because we want to exploit
and say "look at us were so l337" but that we
know how devestating that pre-made PoC
would be. if he ( Mitch ) dont wanna release 
code, he dont have to, PERRIOD. i for one
do believe in full disclosure, but ultimatly the
release of PoC "k0d3z-n-w4r3z" lies with the author.

my2bits (1/4 of a byte )

Donnie Werner
CTO E2 Labs
http://e2-labs.com 
morning_wood () e2-labs com

try http://exploitlabs.com "we plug your holes"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html