lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: zorkshin at tampabay.rr.com (Justin Shin)
Subject: A Few Realities About Security Re: Microsoft Cries Wolf ( again )

Of course he is. His "team" has no background info, probably just a 15 year
old kid sitting in his basement. Obviously anyone with such information
would immediately publish it in the hope that it would lead to a solution,
or at least bring them instant fame. Actually, I find it ironic that he
won't post the vulnerability to a mailing list called full-disclosure.

I guess that leads me to another rant: all of these magazine articles
talking about how mailing lists like this one and bugtraq "hurt" the
security community. Ha! Would you rather us be kept in the dark and
disconnected from eachother, so that the morons can run a Perl script they
found on an underground hacking web site.

-- Justin Shin

----- Original Message -----
From: "Gordon McKillop" <gud@....co.uk>
To: <full-disclosure@...ts.netsys.com>
Sent: Thursday, July 03, 2003 11:02 PM
Subject: Re: A Few Realities About Security Re: [Full-Disclosure] Microsoft
Cries Wolf ( again )



You said it, dude.

It sounds like secresearcher was talking out his ass.

If theres a vuln discovered in a piece of software everyone should know
straight away. That way the attackers and defenders are on an even playing
ground; patch up, disable or run the risk.

If you leave people in the dark then who knows who else knows about the
vuln?

All the vulnerable systems sit unpatched and undisabled.

If one guy found it, another one could too, and he might not be as
altruistic
as the first guy.

Take it easy,
Gud.

On Friday 04 Jul 2003 2:14 am, Justin Shin wrote:
> Note the name:
>
> [full-disclosure]
>
> -- Justin Shin
> ----- Original Message -----
> From: <infosysec@...hmail.com>
> To: <secresearcher@...hmail.com>; <full-disclosure@...ts.netsys.com>
> Sent: Thursday, July 03, 2003 6:41 PM
> Subject: RE: A Few Realities About Security Re: [Full-Disclosure]
Microsoft
> Cries Wolf ( again )
>
>
>
> OK secresearcher, I call you on this one.  If you're not completely full
> of crap, release the vuln the day before M$ does.  If you do, I will
> personally bow to you and publically eat crow.  If you don't, please
> go away.
>
> Curt
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ