Correct, reporting a vulnerability is the right thing to do, we are in raging agreement. But purposely *NOT* contacting the vendors involved because for some stupid immature reason you "don't trust them" and then doing a press release on the vulnerability is not the right thing to do. It's not always as simple as black and white.

On Wed, 19 Jun 2002 sanjay.patelat_private wrote:

> Date: Wed, 19 Jun 2002 13:56:42 -0400
> From: sanjay.patelat_private
> To: hellnbakat_private
> Cc: vuln-devat_private
> Subject: RE: Apache Worm?
>
> Reporting a vulnerability is the right thing to do. How do you know that
> the blackhats did not already know of this hole?
>
> -----Original Message-----
> From: hellNbak [mailto:hellnbakat_private]
> Sent: Wednesday, June 19, 2002 11:55 AM
> To: Doesnt Matter
> Cc: vuln-devat_private
> Subject: Re: Apache Worm?
>
>
> Yeah this could be used in a worm. You can all thank ISS for exposing
> all you non-ISS customers. Quick pay their extortion fees....errr buy
> their software so you too can be protected from the so called
> "untrustworthy" open source vendors..........
>
> Thanks ISS!
>
> bah...
>
> On Wed, 19 Jun 2002, Doesnt Matter wrote:
>
> > Date: Wed, 19 Jun 2002 07:09:35 +0800
> > From: Doesnt Matter <ackstormat_private>
> > To: vuln-devat_private
> > Subject: Apache Worm?
> >
> > what would be the likelihood a cracker could turn this into an
> > internet worm, and what would the possible destruction be? I'm aware
> > still over 50% of the webservers are running apache, but the different
> > distros might cause somewhat of a problem. would it not? ~ack
> >
> >

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
"I don't intend to offend, I offend with my intent"

hellNbakat_private
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 16:17:16 PDT