Message-ID: <20031006164934.GR11988@sparky.finchhaven.net>
From: jsage at finchhaven.com (John Sage)
Subject: Re: I have fixes for the Geeklog vulnerabilities
hmm..
On Mon, Oct 06, 2003 at 10:34:16AM +0530, morning_wood wrote:
> >
> > Overall, this is a textbook example of how NOT to handle security issues.
> > By not contacting the developers, posting a report full of inaccuracies,
> > and, in the end, mostly non-working examples, Lorenzo Hernandez Garcia-
> > Hierro has caused uncertainty and confusion amongst the Geeklog users and
> > basically wasted everyone's time, including that of the developers.
> >
> > Dirk Haun,
> > Maintainer of the Geeklog 1.3.x branch,
> > Geeklog Development Team
>
> Do your own work then... or would you have preferred him
> and whoever else he could tell to abuse Geeklog privately until
> you perhaps stumble across the issues? Disclosure helps everyone,
> Any security disclosure is good,
/* snip */
"Any security disclosure is good..."
A wonderfully naive attitude.
Ever hear of lying? Disinformation? Libel? FUD?
Or simply of someone being wrong?
"Disclosure" without any technical evidence is gossip at best.
Unfortunately, there are some who will believe almost anything they
read.
- John
--
"You are in a twisty maze of weblogs, all alike."
-
John Sage: InfoSec Groupie
-
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
-
ATTENTION: this entire message is privileged communication, intended
for the sole use of its recipients only. If you read it even though
you know you aren't supposed to, you're a poopy-head.