lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200501182147.36030.pete.connolly@btinternet.com>
Date: Tue, 18 Jan 2005 21:47:35 +0000
From: Pete Connolly <pete.connolly@...nternet.com>
To: bugtraq@...urityfocus.com
Cc: red@...sec.de, Marc Ruef <maru@...p.ch>,
        submissions@...ketstormsecurity.org, secure@...ell.com,
        full-disclosure@...ts.netsys.com, partners@...unia.com,
        news@...uriteam.com
Subject: Re: Novell GroupWise WebAccess error
	modules loading


On Monday 17 January 2005 16:42, Marc Ruef wrote:
> Dear ladies and gentlemen
>

<SNIP description of two potential problems>

> We have not found any information on that issue. So I sent this information
> (nearly the same posting) on 14/12/04 to info@...ell.com and asked for a
> solution. As I haven't heard _anything_ until 23/12/04 I sent a reminder
> email to the same address. So no reply came back we made this vulnerability
> public finally to force Novell to react on this case. An Attack Tool Kit
> (ATK) plugin that addresses this vulnerability will be published in the
> next days[1].
>
> Regards,
>
> Marc Ruef
>
> [1] http://www.computec.ch/projekte/atk/

It took me less than 10 seconds to find this url

http://support.novell.com/security-alerts/

using the keywords "novell security email address" in Google.

Had you taken the same time to do this, you would have found that 
secure@...ell.com is the place to send this kind of notification.

No doubt you've spent a lot of time doing some good research. Had you spent a 
little longer there would probably be a patch by now.  Making up 'possible' 
email addresses for this kind of mail and then 'forcing' Novell to go public 
on an issue that's probably sitting in a spam bucket is a bit of waste of 
everyone's time and effort, your own included.

Regards

Peter
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ