Open Source and information security mailing list archives
 
Message-ID: <Pine.LNX.4.44.0508140643200.16957-100000@matrix.coldrain.net>
Date: Sun Aug 14 11:59:32 2005
From: bruen at coldrain.net (bruen@...drain.net)
Subject: XSS at Citibank.co.uk

Hi Jim,

  Besides the obvious, exactly why should Cisco or any other vendor in our
business be shielded from public scrutiny on products which are faulty? I
am sure that Merck would like to have kept Vioxx on the market, even
though people died from it. I am just as sure that Guidant Corp did not
want the problems with their pacemakers made public, so that they have to
fix them for free. What about Ford Explorers and exploding tires? They
can't even give them away today. Since there is no equivalent to Consumer
Reports for us, we are left with public disclosure.

 If it is important enough to stop public disclosure of problems, then
it's important enough for vendors to start taking responsibility for what
they produce. The resources going into stopping public disclosure would be
better used to help secure the products. Those lawyer fees would be a good
start.

                      regards, bob


On Sun, 14 Aug 2005, Jim Duncan wrote:
> While any method of contact is better than none, may I suggest you check
> the list of FIRST teams at http://www.first.org/ before posting
> publicly?  While I can't guarantee any given organization will be a
> member -- nor can I guarantee a response to the given address --
> Citigroup is a long-time member of FIRST, and their first-team members
> have demonstrated excellent responsiveness in the past.
>snip... 
> FIRST Steering Committee Member and FIRST.Org, Inc., Board of Directors

-- 
Dr. Robert Bruen
Cold Rain Technologies 
http://coldrain.net
+1.802.579.6288
