lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: se_cur_ity at hotmail.com (morning_wood)
Subject: GUNINSKI THE SELF-PROMOTER

>Last year, when Guninski discovered a security hole inside
Microsoft's
>Office XP, he informed the company about his discovery, waited 14
days,
 >then published instructions on how it could be exploited.
>
>Not enough time
>
>Microsoft said that wasn't enough time to issue a patch. And,
frustrated
>with the entire full-disclosure principle, it began using such
situations
>to bolster arguments that the entire bug-reporting system needs an
overhaul

i think an email acknowledging the person would proaly keep most from
publishing, generally
that is where the frustration lies, not in a fast patch, but a simple
"thank you" or "could you help us"
"thank you, we will see to it we mention you for bringing this to our
attention"  ... its not like we want $1,000,000.
some of us compete in an employment market wrought with book educated
admins making 6 figure incomes, and
we are digging out thier mistakes. Just because someone don't look
good on resume doesnt mean they should not be
highly sought after. I personaly would be proud to have Mr Gudinski ,
or Mitnick and of the others
on my payroll anyday

Donnie Werner
http://nothackers.org/about.php

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ