| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4D8786C4.8090802@infiltrated.net> Date: Mon, 21 Mar 2011 13:11:32 -0400 From: "J. Oquendo" <sil@...iltrated.net> To: Luigi Auriemma <aluigi@...istici.org> Cc: bugtraq@...urityfocus.com Subject: Re: Vulnerabilities in some SCADA server softwares On 3/21/2011 12:16 PM, Luigi Auriemma wrote: > The following are almost all the vulnerabilities I found for a quick > experiment some months ago in certain well known server-side SCADA > softwares still vulnerable in this moment. At what point in time did you try contacting any of the vendors for these issues? Analogy: Car owner has his car speed up ending up in almost near catastrophe. Car owner goes to media outlets condemning the manufacturer: "How could you be so reckless! Thousand of lives..." Reality: Car manufacturer was never made aware of the issue. How do you propose a manufacturer fix an issue? Where in any of your advisories did you take the time to let a company know: "hey you guys have some potential issues, here they are!!!" -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett 42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
Powered by blists - more mailing lists