[<prev] [next>] [day] [month] [year] [list]
Message-ID: <005201cbf3fb$69903370$0201a8c0@ml>
Date: Wed, 6 Apr 2011 04:38:34 +0300
From: "MustLive" <mustliveua@...il.com>
To: <full-disclosure@...ts.grok.org.uk>,
<lists@...gnet.lists.grok.org.uk>
Subject: Re: Vulnerabilities in *McAfee.com
Hello YGN Ethical Hacker Group!
Just after you've disclosed your finding at McAfee's sites, I have
congratulated you with nice disclosure and started to wait for reaction.
And few days later I've read in Network World few articles about this issue
(http://www.networkworld.com/news/2011/032811-mcafee-security-holes.html and
http://www.networkworld.com/news/2011/033011-hackers-ygn-mcafee.html). So
the reaction and buzz have came quickly. And in large scale - as simple
google dork shows there are a lot of sites (up to 128000 results) posted
this news.
Mostly it's reposting of the same news, but still large attention to your
disclosure. In February in our conversation I told that publishing of the
video about holes at McAfee's sites would must bring attention, but in this
case most attention was brought by disclosure in FD mailing list :-) (and a
lot of attention). But that video can still come in handy for creating even
more buzz about this issue.
The most important thing in all this news articles is that they are claiming
about defying of USA law. All these journalists and news copy-pasters are
not familiar with laws (USA laws in particular), so they're just incorrectly
blaming on YGN Ethical Hacker Group. As I wrote in 2009 in my article
Hacking of web sites, security researches, disclosure and legislation
(http://websecurity.com.ua/articles/security_researches_and_legislation/eng/),
which was published in The Web Security Mailing List, particularly in item 5
of the article (where I wrote about legislations of Ukraine and USA),
security researches, including finding and disclosing of vulnerabilities at
web sites, are legal. So journalists must first get familiar with their own
legislation, before writing such articles with such incorrect statements
about other people.
P.S.
Cenzic is hole-loving company - earlier I wrote in my news about hole in
their site's search engine which I found in 2006. And it's quite possible
that from that time they haven't came far away from such approach. So I wish
you good luck in your quest for Cenzic's holes ;-).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
Vulnerabilities in *McAfee.com
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Mon, 28 Mar 2011 00:02:47 +0800
Vulnerabilities in *McAfee.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists