| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: horms at verge.net.au (Horms) Subject: Re: Terminal Emulator Security Issues On Tue, Feb 25, 2003 at 08:07:08AM -0600, H D Moore wrote: > On Monday 24 February 2003 08:09 pm, Michael Jennings wrote: > > I'm not sure what "vendor coordination" was done, but I know I was > > never contacted. Just FYI. > > The vendor coordination was done through the vendor-sec mailing list with > about a three-week head start prior to disclosure. There really weren't > many true "bugs" found, just about everything covered was implemented > deliberately and could be found in the documentation of the app. There > had already been a number of debates on the exploitability of these > features, so this paper was more of a FAQ than any sort of advisory. It > wasn't my intention to catch anyone off-guard on this, just to bring > these issues back into the limelight for a while and see if other people > had a similar take on them. I would suggest that vendor coordination that doesn't involve contacting the authors is a specious process. Surely the authors themselves would be useful allies in exploring the full consequences of and resolving security problems. After all they probably know the code at least as well as anyone else. -- Horms
Powered by blists - more mailing lists