Open Source and information security mailing list archives
 
From: simon at snosoft.com (ATD)
Subject: Microsoft Cries Wolf ( again )

Amen

On Tue, 2003-07-01 at 07:37, KF wrote:
> >
> >
> >The solution to this problem lies in the hands of the vendors, *not* in the hands of the researchers.
> >
> *This is no lie... after a while one (researchers) simply gets tired of bending over backwards
> to get the vendor to listen. You get to a point where you simply don't care sometimes...*
> vendors are frustrating... they first act like they can't talk to you unless you are
> paying for support... then they don't understand what it is you are trying to say...
> then they claim that oh that's not a business critical issue we are gonna sit on our
> rump for 6 months and then maybe we will fix it.... IF you even make it to that
> point...
> 
> For example I am waiting on a certain 3 letter company to get back to me on a local root
> exploit... I used their web based email form which claims a 24 hour response time... it's
> now 5 days later and no response... that failed so I start the usual blind emails to security@
> support@ somebodyfirggenhelpme@ and no one responds... so then I call their phone and
> go through every friggin option in their PBX system.. still can't find someone to help out...
> 
> "... security staff... what do you mean... I have never had someone ask something like that"
> me: you know... like I have a security issue with your product... you need to fix it...
> "that's interesting... I'll have to see what I can find... we never get calls like this"
> me: *sigh*
> 
> I have done my due diligence... here in about 1 day the problem is 100% theirs... I will give
> the public the old chmod -s recommendation and be done with it...
> 
> Someone in the .gov get us a vendor responsibility bill or something...
> -KF
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
