('binary' encoding is not supported, stored as-is) In-Reply-To: <20030804002946.4431.qmailat_private> You've got to be kidding me? >The vendor hasn't been notified because of their >handling of previous vulnerabilties I found in Invision >Board I am extremely responsible with regards to security and in most cases I've had a fix ready and available within 30 minutes of receiving note of a vulnerability. I take a dim view of posting exact details of vulnerabilities before people have a chance to patch their board and I take a dim view of needlessly alarming people with almost trivial matters, such as this. If you find a vulnerability in a program and you post details of how to exploit it without notifying the vendor then that is very irresponsible indeed.
This archive was generated by hypermail 2b30 : Tue Aug 05 2003 - 13:33:59 PDT