Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Full-Disclosure] What's wrong with this picture?
Date: Thu Feb 26 2004 - 14:31:30 CST
On Thu, 26 Feb 2004 16:49:24 -0300, you said:
> The fact that exploit code is made available after the patch is released,
> is probably because the researchers
> Made the vulnerability publicly available at same time as the patch was
> released, otherwise MS wouldnt give
> Credit to the researchers for the vuln.
The part you should wonder about is why there's a flood of "me-too" exploits
after the patch comes out. Which is more likely, 6 or 8 grey hats all hacking
for 48 hours straight to be the first to release a sploit, or 6 or 8 grey hats all
figuring their 0-day is about to get shut down so they should get some creds
by releasing it and looking like a uber-coder?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.