Date: Wed, 15 Aug 2007 19:42:33 +0000 (UTC)
From: security curmudgeon <jericho@...rition.org>
To: Jimby Sharp <jimbysharp@...mail.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	"Steven M. Christey" <coley@...re.org>, websecurity@...appsec.org
Subject: Re: SecNiche : Microsoft Internet Explorer Pop up
 Blocker Bypassing and Dos Vulner



: I wonder why we can't find Aditya K Sood in any of the security lists 
: even though he has made so many public disclosures.
: 
: See:-
: 
: http://www.google.com/search?hl=en&q=site%3Asecunia.com+aditya+sood
: 
: http://www.google.com/search?hl=en&q=site%3Aosvdb.org+aditya+sood
: 
: Is it because these lists dislike Aditya or is it because they find the 
: vulnerabilities to be false while verification?
: 
: AFAIK OSVDB has a system of tagging vulnerabilities as Myth/Fake. I 
: wonder why the disclosures published by Aditya are missing in OSVDB. 
: OSVDB should add these vulnerabilities and properly classify them or tag 
: them as fake. Anyone from OSVDB here who can respond?

OSVDB did not begin aggressively tracking and cataloging myth/fake 
vulnerabilities until earlier this year. Before that they were added as 
time permitted, and over the years primarily if there was a lot of 
confusion or assumption that a published vulnerability was accurate, when 
it clearly was not.

OSVDB will add legitimate vulnerabilities before myth/fake typically, so 
in some cases they are just at the bottom of the queue.

The lack of results for your search above is also likely due to the lack 
of creditee information associated with many of our entries. This is due 
to the creditee field not being added until last year. In some cases, his 
vulnerabilities (legit or otherwise) may be in the database, just missing 
creditee fields.

Brian
OSVDB.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
