I echo some of Nathan Lawson's words. I am sorry if my comment about some crackers having half a brain is taken the wrong way. Nowadays there are very sophisticated and readily available tools that allows tens of thousands of people to try hacking, just for the heck of it. All a hacker has to do is foreach machine in list of machines 1) try to break root using one of the exploitation scripts 2) if successful, install the sniffer program 3) optionally install bogus versions of programs that hid the use of the sniffer program 4) optionally install a back door entrance 5) log off 6) come back later and harvest the passwords Of course, if you have "legal" access to the machine, or if the administrators are careless, you can eliminate steps 3 and 4, which are the hard parts. The sources of the sniffer program is available everywhere By making sources of the exploitation scripts available, you allow people who are completely ignorant of UNIX to start cracking systems. This encourages anyone with free time to "try hacking", just for the heck of it. Therefore the number of hacking attempts will increase by at least one order of magnitude. This places an additional burden on every administrator/owner of any machine on the Internet. Many sites do not spent enough time and money on security. The number one reason why security isn't fully implemented is because of resources. Full disclosure will force every site to allocate $$$ to fix these problems.