| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Mar 2004 19:30:31 -0800 From: "Tri Huynh" <trihuynh@...up.com> To: "Brian Keefer" <chort@...unetsgothique.com> Cc: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.netsys.com>, <PenetrationTesting@...oogroups.com>, <vnsec@...tryunion.com>, <bugs@...uritytracker.com>, <news@...uriteam.com>, <vuln@...unia.com> Subject: Re: TrendMicro (not Macro) Interscan Viruswall Directory Traversal Hi, I just take a look at my recent advisory and I find out that I have made a typing mistake due to my terrible copy and paste skill (I know, It happend before). I am sorry for the confusion I have made. The vendor name is TrendMicro, not TrendMacro (an investor company). Thank all the people contacting me about my mistyping. Beer is the one to blame. To Brain Keefer, I mistyped the word TrendMicro because it was a copy and paste problem, once you mistype a word and then copy and paste your mistyped word all over the place. However, I think i am good enough to know what is a domain and what is a bounced back email once I send to a wrong address. And especially, when I first contacted TrendMicro, I know how to go to the website and I can recognize if i am in the right website or not since TrendMicro is not a strange start-up company. I hope if you give out comments next time, please low down your tone since it may make some people feel offensive (Even if that is their fault). Your CISSP title rocks ! Speaking of TrendMicro Interscan, I believe that there are still many trivial problems in the product that needed to be addressed like Telewindow Javascript allows attacker to hijack, steal information at the user browser, and of course XSS is all over the place. I will contact TrendMicro again (They haven't responsed the last time) to report them about these problems before releasing detail advisories. Regards, Trihuynh ----- Original Message ----- From: "Brian Keefer" <chort@...unetsgothique.com> To: "Tri Huynh" <trihuynh@...up.com> Cc: <bugtraq@...urityfocus.com>; <full-disclosure@...ts.netsys.com>; <PenetrationTesting@...oogroups.com>; <vnsec@...tryunion.com>; <bugs@...uritytracker.com>; <news@...uriteam.com>; <vuln@...unia.com> Sent: Wednesday, March 24, 2004 2:22 PM Subject: Re: TrendMacro Interscan Viruswall Directory Traversal > On Wed, 2004-03-24 at 07:11, Tri Huynh wrote: > > TrendMacro Interscan Viruswall Directory Traversal > > ================================================= > > > > PROGRAM: TrendMacro Interscan Viruswall > > HOMEPAGE: http://www.trendmicro.com > > VULNERABLE VERSIONS: - 3.5x (Windows) > > - Unix/Solaris > version is > > not tested but possibly > > vulnerable > > "TrendMacro" does not make anti-virus products. Did you try visiting > their website (www.trendmacro.com)? The only place you got their domain > right was in the HOMEPAGE: section. Everywhere else in your "advisory" > you misspelled the name of the company/domain. > > > Update: The technical support email virus_doctor@...ndmacro.com was > > sent an email concern about this problem. However, it has been 6 > days > > and we haven't received any reponses yet. > > That's because you didn't send the message to the correct domain. It > should have been sent to "trendmicro.com". No wonder they didn't > respond to you. > > -- > Brian Keefer, CISSP > Systems Engineer > CipherTrust Inc, www.CipherTrust.com > > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists