| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Sep 2010 02:55:12 +0800 From: YGN Ethical Hacker Group <lists@...g.net> To: Christian Sciberras <uuf6429@...il.com> Cc: Mitja Kolsek <mitja.kolsek@...ossecurity.com>, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, paul.szabo@...ney.edu.au Subject: Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) > If, say, DWM.dll is exploitable, why not point *that* out rather than > point out the many applications that are using it (wrongly)? > As I might have said in earlier mail, I have to do this so that vulnerability news site such as secunia , securiteam authors can get enough information for each application. Most of them do it automatically. They can't process vulnerability posts like "Multiple Vulnerabilities". They have to extract each item. If you take a look at OSVDB, they will put each item of vulnerability that belongs to each item. DLL Hijack posts are not to spam but to be served for that purpose. You should filter it. Everybody thinks that their ideas, actions, thinkings are right. And everyone has his pride and ego. You can never control someone's way of doing. You can just tell it, watch it or ignore it. You can block all DLL Hijack posts if you 0wn this list. Thanks for your patience. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists