(...) >Where's the security risk? If the software is rarely >used, if no exploits are widespread, why bother >informing the security community about some buffer >just because it's too small. > >Add an exploit if you want to gain popularity - >I personally do not encourage such postings here. > >Edi I don't know if bugtraq is the right list to put ALL security failures, or bugs, or whatever... I personally realeased only a few exploits and fixes to major security problems on widely used softwares. But, I have few points about your message: 1.) The list is moderated. I think that the Moderator knows what is best to his list. 2.) What is the mesurement to a "too small" problem? Most people who sign this list administrate LANs or even WANs with a vast variety of win95 software with those "small problems". Take for instance the weak encryption of WS-FTP passwords: Basically, common users, have problems in reminding passwords, so they use one password for all things they have to authenticate, should I need to go further? On a WAN this simple thing can cause a real disaster. 3.) Why should I sign a bunch of security lists when all I need to know mainly is found in just one? Cheers, Wanderley
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:24 PDT