From: dotslash at snosoft.com (KF)
Subject: Microsoft Cries Wolf ( again )

>
>
>The solution to this problem lies in the hands of the vendors, *not* in the hands of the researchers.
>
*This is no lie... after a while one (researchers) simply gets tired of bending over backwards to get the vendor to listen. You get to a point where you simply don't care sometimes...*
Vendors are frustrating... they first act like they can't talk to you unless you are paying for support... then they don't understand what it is you are trying to say... then they claim that oh that's not a business critical issue we are gonna sit on our rump for 6 months and then maybe we will fix it.... IF you even make it to that point...

For example I am waiting on a certain 3 letter company to get back to me on a local root exploit... I used their web based email form which claims a 24 hour response time... it's now 5 days later and no response... that failed so I start the usual blind emails to security@ support@ somebodyfirggenhelpme@ and no one responds... so then I call their phone and go through every friggin option in their PBX system.. still can't find someone to help out...

"... security staff... what do you mean... I have never had someone ask something like that"
me: you know... like I have a security issue with your product... you need to fix it...
"that's interesting... I'll have to see what I can find... we never get calls like this"
me: *sigh*

I have done my due diligence... here in about 1 day the problem is 100% theirs... I will give the public the old chmod -s recommendation and be done with it...

Someone in the .gov get us a vendor responsibility bill or something...
-KF



