Dailydave mailing list archives
RE: dtlogin advisory
From: "Thor Larholm" <thor () pivx com>
Date: Tue, 23 Mar 2004 19:11:06 -0800
From: Dave Aitel [mailto:dave () immunitysec com] Anton A. Chuvakin wrote:
| I just love this advisory style :-) It boils down to: for exploit - go | here, for fix - go f* yourself :-) And the date - this is a typo - | right? :-) 2002 or 2003? |
You can curse on this list if you want. We're all adults here. :> Although you'll get some bounces from people with sensitive mail
filters. Can any one security researcher still post to lists and not get bounces from AV vendors? ;) A more interesting twist on content controversies on the net might be how the "dirty seven" are officially censored from the .US TLD. http://lists.jscript.dk/pipermail/seclegal_lists.jscript.dk/2004-March/0 00029.html
That date's not a typo. For full access to Immunity's research, we offer a Vulnerability Sharing Service. Maybe some of the bugs in it right now will be released in 2006! :> If you download the SPIKE file for the dtlogin bug, you'll notice it says "SPIKE 2.6 or above". Current public SPIKE is 2.8 (and outdated).
Even if you do not publicly release those advisories you still notify the vendors first, right? Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor () pivx com Phone: +1 (949) 231-8496 PGP: 0x5A276569 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net> _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- dtlogin advisory Dave Aitel (Mar 23)
- Re: dtlogin advisory Anton A. Chuvakin (Mar 23)
- Re: dtlogin advisory Dave Aitel (Mar 23)
- <Possible follow-ups>
- RE: dtlogin advisory Thor Larholm (Mar 23)
- Re: dtlogin advisory Nahual (Mar 23)
- Re: dtlogin advisory Anton A. Chuvakin (Mar 23)