Wednesday, March 15, 2006

FrSIRT sells out!

Any security person (or even script kiddie) knows the name K-otic. K-otic has been the source of top notch Proof of Concept (PoC) code and exploits for quite some time. Last year, I think, is when they transitioned to a business mindset of becoming FrSIRT, the French Security Incident Response Team, and started selling vulnerability announcement services. They continued putting out exploit code that typically made its way into Metasploit very quickly.

It all ends today...unless you are customer of their VNS--Vulnerability Notification Service--you don't get squat anymore. Their website doesn't even list the pricing for their product, however, I may end up getting curious enough to give them a call or shoot them an e-mail. Either way, I am really disappointed. It was a great and well-used resource by many security professionals.

Were they like Tenable and didn't feel they were getting enough back from what they put out? Who knows. They just have a crappy little page up where the Exploits page once existed that says:

Exploits and PoCs are available to FrSIRT VNS™ subscribers only.
Public exploits section have been definitively closed.

Oh well, thanks for the good times. If anyone has a mirror of all of their code, let me know ASAP!

UPDATE 9:08pm EST: My RSS reader just notified me there was a new article at FrSIRT, so I clicked on it to simply find that someone who knows the english language better has finally updated the text to read "Public exploits sections has been definitively closed." Damn. And here I thought they saw the error of their ways and changed their mind. I guess not. Someone on the FunSec mailing list posted that them closing the section wasn't a big deal as they just took the code from milw0rm. SMACK!!

No comments: