lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: adf at code511.com (adf--at--Code511.com)
Subject: Hotmail & Passport (.NET Accounts)

 >> Is it me or ms never credit vulnerabilities according to
>> http://www.microsoft.com/security/passport_issue.asp  "a report was
>> published detailing a security vulnerability(...)"? No more details or
>> credit.
> 
> And they should because...?  If you ask me, doing this for "fame and
> fortune" is really against what i would call traditional hacker ethic.
That was just a simple question. AFAIK they DO for some vunerabilities: do
you remember IIS issue (MS99-047) discovered by eeye years ago? Well the
Acknowledgments display credit. Same for most of the latest security bultins
as displayed http://www.microsoft.com/technet/security/: MS03-015 etc...

The question is not fame or whatever you call it, just a question about
selective Acknowledgments from ms.

My 2 cents,

Deepquest
"Ubi solitudinem faciunt, pacem appelant"

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ