Date: Thu Apr 27 18:44:35 2006
From: n3td3v at gmail.com (n3td3v)
Subject: Internet Explorer User Interface Races, Redeux

On 4/27/06, Antczak, Ed <Ed.Antczak@....com> wrote:
> Thanks for the email header lesson.
> Basics, or complex analysis is part of what makes postings worth
> reading.

Yes, he's young, immature. He -is- releasing to the script kiddie community of FD legitimate Microsoft product vulnerabilities, which everyone is grateful. However, the blatant targeting of the media (Robert Lemos) via his "VENDOR RESPONSE" paragraphs will decrease his mad hax0r points credibility in the underground and also the professional circuit. Yes, he's a genius, yes he's great, but drop the media audience target of your advisories and you won't have the likes of n3td3v ID's running amok on your legitimate Microsoft advisories.

As for the showing off of "look I understand e-mail headers" thing, that wasn't even needed, all everyone had to do was look at the link, and you would know it was a Robert Lemos look alike. And if you had been paying attention Matty boy, you would have seen it wasn't the first time the Robert Lemos look a like had appeared. And the previous Look a like post actually acknowledged it as such. Ha! Then your immaturity ran further by saying, "as if Robert Lemos would have a Yahoo account." Hehe, his Yahoo account is "robert_lemos" but if you had read the Robert Lemos Fan Club Blog, you would have seen the post I made about it.

As for you "being a contact" knowing his e-mail address. That's laughable. I've been emailing him from for years and i.ming him on Yahoo Messenger for years. So much for your "inside knowledge" of how to contact Robert Lemos, ha ha ha. You're a clever guy (Matty) but there's elements of your advisories you need to touch up, like the artificial creation of Microsoft Security Response Center drama, which you're hopeful the media will pick up on!

No one gives a shit if one college student thinks Microsoft's disclosure to patch tuesday cycle is too slow for your liking. You report the vulnerability to Microsoft, and then it's out of your hands. Microsoft can sit on the vulnerability for years if they so choose to do so, it's not the position of the bug finder to influence and change corporate security policies and never will be. Yes, sure Microsoft take months to tell the public about a vulnerability you report, so what, who gives a shit, and why should you? Unless your primary goal isn't to research Microsoft product vulnerabilities and alert them to a flaw, and really, you're just after the world stage of Microsoft announcing a flaw to everyone via their website, just so you can get off for five minutes of fame.

It's not about the media, it's not about fame, it's not about everyone knowing what a great guy you are, it's about alerting a vendor in private of an issue, and moving on. Why care if Microsoft release a patch? You told them about it, it's the most you can do, they decide when to release a patch or tell the public about it, via their own strategies, it will always be out of the control of the bug finder.

I was like you once, I used to cream at Google and Yahoo for not patching something, but then once I spoke to the guys involved, I realised, it's not about security, it's about choosing a good time to bury bad news, and of course, the queuing system of whose flaw gets more attention first is down to money, and the risk to profit, not how critical the bug finder decides the vulnerability is, but security professionals, deciding on priority on the basis of what makes business sense, not on the basis of what makes sense to a bug finder, who is wetting his pants at the opportunity to get acknowledged in public, by one of the biggest software makers in the world.

Regards,
n3td3v