lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000001c3fa3b$819d718a$9100a8c0@morantug.com>
Date: Mon, 23 Feb 2004 13:33:17 -0500
From: Michael Evanchik <mike@...npickel.com>
To: <eval@...hmail.com>, <bugtraq@...urityfocus.com>
Cc: <full-disclosure@...ts.netsys.com>
Subject: RE: RE:  Re: YES IT IS , is predicatable file
 location a vuln? (was RE: Aol Instant Messenger/Microsoft Internet Explorer
 remote code execution)


From:eval@...hmail.com
Sent:Fri 2/20/2004 9:39 PM
To:bugtraq@...urityfocus.com
Cc:full-disclosure@...ts.netsys.com
Subject:[Full-Disclosure] RE:  Re: is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution)
 

Why don't you release your exploits on packetstormsecurity or astalavistainstead of Bugtraq? You obviously have no interest in trying to secureanyone, instead you are deliberately hurting the security of us all. >I totally disagree.  Did you know microsoft sometimes refuses to accept vulnerabilities and dismiss them as "not a vulnerability itself" but in actualityonly need to be combined with other "not a vulnerability itself" exploits and donot understand this.  I would actually THANK bugtraq and Full Disclosure that posts from Http equiv and others actually seem to get a quick patch rate now by Microsoft then in the  past.  Experts seem to be always repeating them selves how this is "a year old vulnerability" and no response fromMicrosoft.  It seems not unless they are SHOWN in proof on concepts arefixes put in the works.How are you any different than a virus writer? They are creating malwareand releasing it on their sites, then they claim innocence because theydidn't click the "Send" button. Both of you are intentionally tryingto help blackhats, script kiddies and criminals. >Did you ever think the wrong someone will think of these things sooner or later?  Researches, if you notice, get anti virus people on top of their game for free.  They already have definitions for this example and others thanks fully to the "security researcher" Mike P.S.   AIM or Buddy Icons no longer required.  IE is just a big hole.
Content of type "text/html" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ