| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CADYtyvLh9cVMaFkPGgu4iHsyQ+eCxRL1MUhCTBkHnk0X6KnPAw@mail.gmail.com> Date: Tue, 17 Jul 2012 07:47:53 -0400 From: Григорий Братислава <musntlive@...il.com> To: Jan Reilink <janreilink@...ida.com> Cc: king cope <isowarez.isowarez.isowarez@...glemail.com>, full-disclosure@...ts.grok.org.uk Subject: Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin On Tue, Jul 17, 2012 at 6:44 AM, Jan Reilink <janreilink@...ida.com> wrote: > I can't reproduce authentication bypass vulnerabilities you mention. > Also, there is more than one way to password protect a directory. Did > you disable 'anonymous authentication' in IIS 6.0/7.5, or did you remove > or deny IUSR-user NTFS permissions on the file system? > Is this silly question! Of course he is not remove and is deny permissions. Then he is not can make vulnerability disclosure. If is I leave my door open then I am is vulnerable to robber is take my family jewels. I can is go to congress and pitch law for stand my ground. If I is lock my door, I has nothing to say. Hello full disclosure!! !! !! MusntLive is like to warn you about disclosure-via-brownie-get-is-your-name-polluted-intouseless-cve-advisory-politics... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists