lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040303083305.21597.qmail@webmaildomini1.aruba.it>
From: dante at alighieri.org (Davide Del Vecchio)
Subject: The non-apreciated world of full-disclosure

16 days after my post regarding the Firewall/VPN Appliance vuln
and 1 month more my TELEPHONE notice to Symantec support,
Symantec released a new version of firmware for their appliance.
But the problem it`s not the time.
The problem is that they told me it was "not a vulnerability",
after 1 month they released the new firmare to patch the "Cached Password
Vulnerability" (as they called it), and just telling
"Symantec is aware of a potential administrator password leakage 
vulnerability reported in 
<http://securitytracker.com/alerts/2004/Feb/1009069.html>." 

... 

This is what I received..I don`t want money
but I think an ufficial "thank you" is the minimum... or not?
Am I telling something of MAD?! 

the new firmware is avaiable here: 

ftp://ftp.symantec.com/public/english_us_canada/products/symantec_firewall_v 
pn_appliance/updates/vpn200_161_app.zip 

d. 


 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Davide Del Vecchio "Dante Alighieri" dante@...ghieri.org ~ dante@...ejack.it
http://www.alighieri.org http://www.bluejack.it http://www.ezln.it
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Powered by blists - more mailing lists