lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <43257A3B.7000000@free.fr>
Date: Mon Sep 12 14:54:42 2005
From: jerome.athias at free.fr (Jerome Athias)
Subject: Releasing vulnerability information in blogs
	- a	new trend?

Hi,

well, it's not new that some vulns are reported on personal websites and
public/private forums. Blog is quite the same as a little forum...
But many guys also send their researches to full-disclosure lists. And
that, often before to post them on their sites.

Another question that i'm asking to myself is what about a
standardization of the vulns reports. In fact we often find the same
sections in a vuln report, but the reports don't have the same design...
I think it'll be usefull to could have reports written in a specific way.

Just an idea...
Sorry for bad english

/JA

Juha-Matti Laurio a ?crit :

> This happened with IIS 5.1 Source Disclosure Under FAT/FAT32 Volumes
> Using WebDAV issue
> http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037019.html
>
>
> Is this a new trend or something, this IIS vulnerability release was
> similar as a previous IIS 5/6 500-100.asp "SERVER_NAME" issue
> published via (same) Norwegian blog.
> Some possible problems:
> -report format used in blogs
> -possible unofficial blog comments (anonymous exploit codes published
> etc.)
> -vendors has no time to look for new blog entries
>
> Regards,
> Juha-Matti
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> 
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5213 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050912/8ed884ae/smime.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ