full disclosure

Remote print server gives anyone Windows admin privileges on a PC

2021/07/31 : Lawrence Abrams writes a paper about a new event of full disclosure.

"A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver."Read more

Fortinet slams Rapid7 for disclosing vulnerability before end of their 90-day window

2021/08/12 : "A dispute broke out on Tuesday after cybersecurity company Rapid7 released a report about a vulnerability in a Fortinet product before the company had time to release a patch addressing the issue."Read more

L0pht testimony before the Congress (United States Senate Committee on Governmental Affairs)

https://www.youtube.com/watch?v=VVJldn_MmMY
Schneier - Crypto-Gram September 15, 2000

2000/09/15 :  Schneier published his monthly newsletter and explains here his opinion on full disclosure debate.

"What’s interesting is that everybody wants the same thing; they’re just disagreeing about the best way to get there.
When a security vulnerability exists in a...Read more

Schneier - Cypto-Gram July 15, 2000

2000/07/15 : Bruce Schneier publishes his monthly crypto-gram, talking about the full disclosure CIA just faced and Counterpane Internet Security News, among other things.

This artifact is part of the ...Read more

White-Hat Hate Crimes on the Rise (Wired Paper)

2001 : "A group of black-hat hackers, in a campaign called "Project Mayhem," have declared war on white-hat hackers who've gone to work for security firms."
The 'Project Mayhem' is the battle declaration of full-disclosure against anti-sec.Read more

Microsoft Exchange servers are getting hacked via ProxyShell exploits

2021/08/12 : Lawrence Abrams explains how "Orange Tsai at a Black Hat talk about recent Microsoft Exchange vulnerabilities he discovered when targeting the Microsoft Exchange Client Access Service (CAS) attack surface.
After watching the talk, security researchers PeterJson and Nguyen Jang ...Read more

Bugtraq

Bugtraq mailing list - Wikipedia
Interview with Elias Levy (Bugtraq)
Bugtraq Mailing List - Archives
Bugtraq archives
Full Disclosure works, here's proof - Bugtraq archives
ACM: Digital Library: Computers and Society - Bollinger paper

2004/12 : Jeff Bollinger explains his point of view in the vulnerability disclosure debate.

"To effect the optimal result of 'greatest good', each player in the disclosure process must agree and co-ordinate to achieve the greatest return, and lowest damages." (p.14)

This artifact...Read more

Whacked Mac collection CD (L0pht)

https://archive.org/details/WhackedMacCD

Black Hat 2000 - Ranum and Granick VS Rausch and Amhed

April 2000, at the Black Hat Conference (Singapour) took place a debate with Ranum and Granick against Rausch and Amhed.Read more
Google 7-days disclosure

2013/05/29 : Google agreed for 7-days to fix critical vulnerabilities. 

"Based on our experience, however, we believe that more urgent action -- within 7 days -- is appropriate for critical vulnerabilities under active exploitation. The reason for this special designation is that...Read more

Subscribe to full disclosure
Need help with PECE?
Join the PECE Slack channel