On 10/12/07, Roman Medina-Heigl Hernandez wrote:
> Andy Davis escribió:
> > Personally I think these techniques are pretty cool we're really pleased
> > with the results of the research - I think it may be clearer to everyone
> > when we release the higher resolution videos that are easier to watch.
>
> I think it may be clearer to everyone if you release some kind of paper
> describing (and including) the shellcodes. Also a fully commented
> lpd-cisco-remote-shell exploit would help since it would *demonstrate* the
> whole exploitation process :-) No offense, videos are nice but at last they
> are pure marketing, they *demonstrate* nothing.
Perhaps better would be a working exploit based on a vulnerability at
least a couple of years old, so as to minimize the chance of someone
actually getting hurt by it, while still disclosing the important
information.
> Andy Davis escribió:
> > Personally I think these techniques are pretty cool we're really pleased
> > with the results of the research - I think it may be clearer to everyone
> > when we release the higher resolution videos that are easier to watch.
>
> I think it may be clearer to everyone if you release some kind of paper
> describing (and including) the shellcodes. Also a fully commented
> lpd-cisco-remote-shell exploit would help since it would *demonstrate* the
> whole exploitation process :-) No offense, videos are nice but at last they
> are pure marketing, they *demonstrate* nothing.
Perhaps better would be a working exploit based on a vulnerability at
least a couple of years old, so as to minimize the chance of someone
actually getting hurt by it, while still disclosing the important
information.
[ reply ]