| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 31 Mar 2011 14:13:32 +0200 From: BlackHawk <hawkgotyou@...il.com> To: Cal Leeming <cal@...whisper.co.uk> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Vulnerabilities in *McAfee.com Nothing new under the sun.. i have done some security testing on _open source_ webapps, and most of the time if you allert the publisher of your founding ( most of the time remote code executions, not "boring" XSS ) the answer is tipically "F*** off, we do not need your help / you are lying / you are a criminal / etc.etc." showing that bug founding is still looked with diffidence from many people; on the other side admins are so proud of themselfs that they do not want other people to know they have bad coded something, look at this: http://forums.pligg.com/questions-comments/23065-pligg-1-1-3-security-vulnerabilities.html#post103328 to close with a semi-serious joke: put all this together and you will know why black market selling of exploit is increasing his size: at least someone will appreciate your work and eventually recompensate you for it.. On Wed, Mar 30, 2011 at 9:33 PM, Cal Leeming <cal@...whisper.co.uk> wrote: > > > > Like with most laws, the key point is "intent". If your intention was > clearly not malicious, then you are safe. -- BlackHawk - hawkgotyou@...il.com Sent with Gmail _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists