Bugtraq mailing list archives

Re: Submission

From: Georgi Guninski <guninski () GUNINSKI COM>
Date: Wed, 29 Nov 2000 18:52:08 +0200

hellnbak () HUSHMAIL COM wrote:


Thanks for your reply Georgi.

develop a fix.   I remember a post a while back from you that said, "Why
should I help the vendor".   My question to you is, why not help the vendor?
 You said yourself, that they have to get their acts together why not assist
in that process like the rest of us are?


I don't remember writing anywhere "Why should I help the vendor" - could
you give an URL where it is written - it very easy writing "lame shit"
as you define it anonymously.
In fact I am helping both vendors and users. I do free research for
vendors and I give workarounds (which sometimes are better than patches
that open other vulnerabilities).
I have given all vendors enough time to warn their client about a
workaround until a patch is available.
Do you find it normal a vulnerability to exist for 4 months and the
vendor not to warn their customers there is a vulnerability which is
stopped by a simple workaround?
I have reported vulnerabilities and go public without a patch about
Microsoft, IBM, Netscape and SUN. Only one of them complained about not
having enough time to fix the vulnerabilities - some of the other
vendors gave me awards despite the fact I went public without a patch.

Georgi Guninski

Current thread:

Submission hellnbak (Nov 28)
- Re: Submission Ryan Russell (Nov 29)
- Re: Submission Georgi Guninski (Nov 29)
- Re: Submission Geo. (Nov 29)
  - Re: Submission Gunther Birznieks (Nov 30)
- <Possible follow-ups>
- Re: Submission hellnbak (Nov 29)
  - Re: Submission Georgi Guninski (Nov 30)
- Re: Submission Robert G. Ferrell (Nov 29)
  - Re: Submission Scott Blake (Nov 30)
- Re: Submission aarhus (Nov 29)
- Re: Submission Rune Kristian Viken (Nov 30)
- Re: Submission Geoffrey Moon (Nov 30)
- Re: submission rain forest puppy (Nov 30)
- Re: Submission Elias Levy (Nov 30)