Bugtraq mailing list archives
Administrivia
From: aleph1 () SECURITYFOCUS COM (Elias Levy)
Date: Tue, 14 Mar 2000 14:13:13 -0800
One question I've always wrestled with is whether to approve messages that affect services (such as specific web sites), instead of applications. During the last couple of weeks I've seen an increase in the number of such messages submitted to the list. Normally I do not like to approve such messages. I feel the issue is better dealt with by contacting the service provider or by bringing the issue up in a forum that targets users of the service. My rule of thumb is to only approve messages about service vulnerabilities if the population of affected users is large enough. What is "large enough" is difficult to determine. I think most people would agree users of a service like Hotmail is large enough (they claim several million users). Other things are somewhat more difficult. For example, is deja.com large enough? What do others think? Please send me private email. Do not reply to the list. -- Elias Levy SecurityFocus.com http://www.securityfocus.com/
Current thread:
- Re: snmp problems still alive... Damir Rajnovic (Mar 10)
- Re: snmp problems still alive... monti (Mar 13)
- Re: snmp problems still alive... Damir Rajnovic (Mar 13)
- Unexpected and dangerous AIX 4.X linker behavior Gregory Neil Shapiro (Mar 14)
- Administrivia Elias Levy (Mar 14)
- Sojourn Search Engine exposes files Cerberus Security Team (Mar 14)
- abuse.man (webmanager kit) Guido Bakker (Mar 15)
- FreeBSD Security Advisory: FreeBSD-SA-00:07.mh FreeBSD Security Officer (Mar 15)
- FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx FreeBSD Security Officer (Mar 15)
- FreeBSD Security Advisory: FreeBSD-SA-00:09.mtr FreeBSD Security Officer (Mar 15)
- FreeBSD Security Advisory: FreeBSD-SA-00:10.orville-write FreeBSD Security Officer (Mar 15)
- Re: snmp problems still alive... monti (Mar 13)