Open Source and information security mailing list archives
Message-ID: <005201cbf3fb$69903370$0201a8c0@ml>
Date: Wed, 6 Apr 2011 04:38:34 +0300
From: "MustLive" <mustliveua@...il.com>
To: <full-disclosure@...ts.grok.org.uk>,
	<lists@...gnet.lists.grok.org.uk>
Subject: Re: Vulnerabilities in *McAfee.com

Hello YGN Ethical Hacker Group!

Just after you disclosed your finding at McAfee's sites, I congratulated
you on the nice disclosure and started to wait for the reaction.

And a few days later I read a few articles about this issue in Network World
(http://www.networkworld.com/news/2011/032811-mcafee-security-holes.html and
http://www.networkworld.com/news/2011/033011-hackers-ygn-mcafee.html). So
the reaction and buzz came quickly. And on a large scale - as a simple
Google dork shows, a lot of sites (up to 128000 results) posted
this news.

Mostly it's reposting of the same news, but it is still a lot of attention to your
disclosure. In February in our conversation I said that publishing the
video about holes at McAfee's sites would surely bring attention, but in this
case most attention was brought by the disclosure on the FD mailing list :-) (and a
lot of attention). But that video can still come in handy for creating even
more buzz about this issue.

The most important thing in all these news articles is that they are making claims
about defying USA law. All these journalists and news copy-pasters are
not familiar with laws (USA laws in particular), so they're just incorrectly
blaming YGN Ethical Hacker Group. As I wrote in 2009 in my article
"Hacking of web sites, security researches, disclosure and legislation"
(http://websecurity.com.ua/articles/security_researches_and_legislation/eng/),
which was published in The Web Security Mailing List, particularly in item 5
of the article (where I wrote about the legislation of Ukraine and USA),
security research, including finding and disclosing vulnerabilities at
web sites, is legal. So journalists must first get familiar with their own
legislation before writing such articles with such incorrect statements
about other people.

P.S.

Cenzic is a hole-loving company - earlier I wrote in my news about a hole in
their site's search engine which I found in 2006. And it's quite possible
that since that time they haven't come far from such an approach. So I wish
you good luck in your quest for Cenzic's holes ;-).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Vulnerabilities in *McAfee.com
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Mon, 28 Mar 2011 00:02:47 +0800

Vulnerabilities in *McAfee.com
