Message-ID: <1057075854.25070.47.camel@localhost.localdomain>
From: simon at snosoft.com (ATD)
Subject: Microsoft Cries Wolf ( again )
Amen
On Tue, 2003-07-01 at 07:37, KF wrote:
> >
> >
> >The solution to this problem lies in the hands of the vendors, *not* in the hands of the researchers.
> >
> *This is no lie... after a while one (researchers) simply gets tired of
> bending over backwards
> to get the vendor to listen. You get to a point where you simply don't
> care sometimes...*
> vendors are frustrating... they first act like they can't talk to you
> unless you are paying for support... then they don't understand what it
> is you are trying to say... then they claim that oh that's not a business
> critical issue we are gonna sit on our rump for 6 months and then maybe
> we will fix it.... IF you even make it to that point...
>
> For example I am waiting on a certain 3 letter company to get back to me
> on a local root exploit... I used their web based email form which claims
> a 24 hour response time... it's now 5 days later and no response... that
> failed so I start the usual blind emails to security@ support@
> somebodyfirggenhelpme@ and no one responds... so then I call their phone
> and go through every friggin option in their PBX system.. still can't
> find someone to help out...
>
> "... security staff... what do you mean... I have never had someone ask
> something like that"
> me: you know... like I have a security issue with your product... you
> need to fix it...
> "that's interesting... I'll have to see what I can find... we never get
> calls like this"
> me: *sigh*
>
> I have done my due diligence... here in about 1 day the problem is 100%
> theirs... I will give the public the old chmod -s recommendation and be
> done with it...
>
> Someone in the .gov get us a vendor responsibility bill or something...
> -KF