ediat_private wrote:

> Is Bugtraq the right forum to report stupid
> overflows in yet another shareware win95 mail/ftp
> server, fetched from huge commercial crapware
> repositories like download.com / shareware.com / others?
>
> Where's the security risk? If the software is rarely
> used, if no exploits are widespread, why bother
> informing the security community about some buffer
> just because it's too small.

I disagree with this post (also an unqualified post), as any security weakness in any application, no matter how small or how widespread, should be posted to this list. Not only does it force the developers to upgrade their security coding abilities, but it also enforces the fact that security through obscurity (or a fake sense of security) is never really a reliable policy.

> Add an exploit if you want to gain popularity -
> I personally do not encourage such postings here.
>
> Edi

Add an exploit and allow the script kiddies to fuck with little Joe Blogg's home box, as he had set up an FTP server that he had d/l from one of these so-called 'commercial crapware repositories'.

All things security related should be discussed, as what's the point of discussing 'only top class security weaknesses that kiddies can use to hack the government'???

my two cents + 5% tip

[v0rt]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:27 PDT