(...)
>Where's the security risk? If the software is rarely
>used, if no exploits are widespread, why bother
>informing the security community about some buffer
>just because it's too small.
>
>Add an exploit if you want to gain popularity -
>I personally do not encourage such postings here.
>
>Edi
I don't know if bugtraq is the right list to put ALL security failures,
or bugs, or whatever... I personally realeased only a few exploits and fixes
to major security problems on widely used softwares. But, I have few points
about your message:
1.) The list is moderated. I think that the Moderator knows what is best to
his list.
2.) What is the mesurement to a "too small" problem? Most people who sign
this list administrate LANs or even WANs with a vast variety of win95
software with those "small problems". Take for instance the weak encryption
of WS-FTP passwords: Basically, common users, have problems in reminding
passwords, so they use one password for all things they have to
authenticate, should I need to go further? On a WAN this simple thing can
cause a real disaster.
3.) Why should I sign a bunch of security lists when all I need to know
mainly is found in just one?
Cheers,
Wanderley
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:24 PDT