At 12:05 PM 25/08/99 +0200, you wrote: >On Sun, Jul 04, 1999 at 01:38:48PM +0200, Michal Zalewski wrote: > > I'm really angry > >So am I. > >Did you ever think of contacting Linux distribution maintainers before >making these things public, especially if they have as much impact >as a remotable hole in wu-ftpd? > >I'm all for full disclosure intellectual property bla bla bla, but >just unloading a pile of shit on other people's doorsteps is NOT >what I would call in any way cooperative. Hello, Once again this issue raises its head. Why do all the developers who read the list believe that they should be informed before everyone else? The hole existed and was being exploited, at least Michal gave all the users who were using Wu-ftp the opportunity to do something about it BEFORE the developers put out their patches. Not everyone believes in the inform the vendor first motto that seems to be increasingly prevalent in Bugtraq. When are the vendors going to realise this and learn to deal with it? regards, Benjamin Smee Senior Computer Security Consultant Fingerprint: 4574 41AD D801 1533 455C E5F8 79C4 CEF1 AED8 58C1 ___________________________ IT Audit & Consulting (ITAC) Pty Ltd benat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:00:00 PDT