Last week’s release of code exploiting the PCT flaw renewed a long-standing debate over the publication of exploits. A coder from The Hacker’s Choice web site published a working binary program in addition to source code. That prompted criticism from security professionals who see value in the release of exploits. By today, the coder was expressing misgivings.
“This is an announcement that I personally have no more intention to publish any further exploits to the public,” the THC member known as Johnny Cyberpunk wrote to the Full Disclosure e-mail list. “Too many risks that kiddies around the world use it for bad purposes. I saw that the original intention, to publish exploits for (penetration testing) or patch verifying purposes, didn’t work.” But he added: “Remember that I speak just for me, not for the rest of the group.”