[Dailydave] Vulnerabilities Hashes DB needed
LMH
lmh at info-pull.com
Wed May 9 09:21:07 EDT 2007

On 5/7/07, Dave Aitel <dave.aitel at gmail.com> wrote:
> There's only one company in the whole world that says "buffer overrun" and
> that's Microsoft.

Don't forget about Apple there. Oh wait, they just don't say! ;PPPpppppPPp (tm)

> Anyways, if vendor monopoly disclosure annoys you, stop doing it. Why
> aggravate yourself by doing work for other people for free? Life is short.
> If all you really want is fame, then sell the bugs to whoever can get you
> the most fame fastest. Or just post them to the list. And I don't think we
> need a separate hashes list, since dailydave or full disclosure works fine
> for that and, importantly, is mirrored all over the place.

Apparently nowadays the security industry thinks that the really sexy
stuff is actually disclosing issues to vendors. The more, the better.
They release one single issue in an utterly crappy
piece of software with more flaws than the US education budget, and
make a world out of it.
Some random junkhead releases one daily and they call him a publicity
stunt then ;-)
Heck, that's a pretty well balanced situation, isn't it? I'm back
playing with my mighty turkey.
Hehe.
Looks like exploitation techniques, and all that stuff is not hot
anymore. And everyone who likes that can't apply for CISSP
examination.

> I guess my point is this: if you deal the cards, you can make the rules.
> Otherwise, silence is usually the best option.

It's kind of a dream, but hopefully someday a so-called security
company will start making some profit out of the real work and
concentrate a bit less on publicity. PR and ladies are good and all
that, but I know how it feels to deal with reporters and they aren't
the brightest guys on Earth. There are exceptions (really), but just
look over some and their relationships towards certain security
vendors in time.
BTW, how's the average salary for professional trolling these days? I
wanna send an application. Is Larry Seltzer still managing that kind
of stuff? Or Lynn Fox (the girl who kidnaps Fox Mulder's sister in the
X Files).
Keep it real. [1]

[1]: http://www.youtube.com/watch?v=FjKMhtyI3L8
[2]: http://en.wikipedia.org/wiki/Law_%28Da_Ali_G_Show%29 (Brüno interview)
[3]: http://en.wikipedia.org/wiki/War_%28Da_Ali_G_Show%29