Message-ID: <58DB1B68E62B9F448DF1A276B0886DF194D98247@EX2010.hammerofgod.com>
Date: Sun, 18 Mar 2012 21:24:07 +0000
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: upsploit advisories <upsploitadvisories@...ploit.com>, Michal Zalewski
	<lcamtuf@...edump.cx>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Fw: Earth to Facebook

Why not just provide them with the contact and they can forward it on directly?  Then you could obviate the entire trust issue...

t

From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of upsploit advisories
Sent: Sunday, March 18, 2012 1:56 PM
To: Michal Zalewski
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Fw: Earth to Facebook

The only other people that see the vulnerability are the select few in upSploit.

However if the vendor is already in the upSploit database the advisory gets submitted straight away to the vendor.

If you want to try it out there should be an upSploit vendor in the vendor list. Submit some advisories there.

There is no ploy - like anything it is about trust. I created the service because when I first started I found it hard to find contacts sometimes. Use it if you want, don't if you don't. Simple as that really!

Use it once for something you may not care about too much and see how it works for you.

Thanks,

On 18 March 2012 20:22, Michal Zalewski <lcamtuf@...edump.cx> wrote:
> > Without meaning to advertise, that is one of the reasons upSploit was
> > created - so that you could submit a vulnerability and then upSploit
> > automatically sends to the vendor. This way you and your friend don't have
> > to do any of the work on the disclosure.
>
> I clicked around and don't see any obvious explanation; other than the
> reporter and the vendor, who else gets to see the submissions and
> under what circumstances?
>
> /mz

