Forwarded from: Marc Maiffret <marcat_private>

Ya Lyman is a good guy just screwed the facts a bit. I been meaning to
email him to let him know that... I still hate the canned phrase "came
under fire" since we never really did come under fire for anything.
Unless coming under fire means two ignorant people rambled their mouths
about a topic they had no understanding of. :-]

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

| -----Original Message-----
| From: owner-isnat_private [mailto:owner-isnat_private]On Behalf
| Of InfoSec News
| Sent: Thursday, October 04, 2001 1:05 AM
| To: isnat_private
| Subject: Re: [ISN] Full Disclosure: How Much Security Info Is Too Much?
|
|
| Forwarded from: Kim Zetter/PCWORLD <kzetterat_private>
|
| Per Jay Lyman's story about full disclosure at NewsFactor Network
| (http://www.newsfactor.com/perl/story/13871.html), he wrote:
|
| > Experts agree that advisories, by their very nature, may be a heads-up
| > to hackers. eEye Security came under fire for disclosing the Code Red
| > vulnerability in June before Microsoft had released a patch for the
| > hole, and again for releasing detailed information after Code Red was
| > controlled, which some blamed for the success of the Code Red II virus.
|
| I'm not sure where Lyman got his info but, according to eEye (and per
| the story I wrote about it at
| http://www.pcworld.com/news/article/0,aid,60744,00.asp )
|
| the company notified Microsoft of the vulnerability in May and waited
| a month for the patch to be produced before making their announcement
| simultaneously with Microsoft's posting of the patch in June.
|
| In fact, Marc Maiffret of eEye says that they were scheduled to post
| the announcement a week earlier, but Microsoft contacted him to ask
| for more time, saying there was a problem with the patch and they
| needed another week to fix it.
|
| EEye complied. Jay Dyson correctly noted that Microsoft publicly
| thanked the company for waiting until they had prepared the patch.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the
BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 03:32:47 PDT