lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Mar 2011 13:11:32 -0400
From: "J. Oquendo" <sil@...iltrated.net>
To: Luigi Auriemma <aluigi@...istici.org>
Cc: bugtraq@...urityfocus.com
Subject: Re: Vulnerabilities in some SCADA server softwares

On 3/21/2011 12:16 PM, Luigi Auriemma wrote:
> The following are almost all the vulnerabilities I found for a quick
> experiment some months ago in certain well known server-side SCADA
> softwares still vulnerable in this moment.

At what point in time did you try contacting any of the vendors for
these issues?

Analogy: Car owner has his car speed up ending up in almost near
catastrophe. Car owner goes to media outlets condemning the
manufacturer: "How could you be so reckless! Thousand of lives..."
Reality: Car manufacturer was never made aware of the issue. How do you
propose a manufacturer fix an issue?

Where in any of your advisories did you take the time to let a company
know: "hey you guys have some potential issues, here they are!!!"


-- 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP

"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett

42B0 5A53 6505 6638 44BB  3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF

Powered by blists - more mailing lists