RE: dtlogin advisory

["Thor Larholm" <thor () pivx com>]

> From: Dave Aitel [mailto:dave () immunitysec com] 
> Anton A. Chuvakin wrote:
| I just love this advisory style :-) It boils down to: for exploit - go

| here, for fix - go f* yourself :-)  And the date - this is a typo - 
| right? :-) 2002 or 2003?
|
> You can curse on this list if you want. We're all adults here. :> 
> Although you'll get some bounces from people with sensitive mail
filters.

Can any one security researcher still post to lists and not get bounces
from AV vendors? ;)

A more interesting twist on content controversies on the net might be
how the "dirty seven" are officially censored from the .US TLD.

http://lists.jscript.dk/pipermail/seclegal_lists.jscript.dk/2004-March/0
00029.html

> That date's not a typo. For full access to Immunity's research, 
> we offer a Vulnerability Sharing Service. Maybe some of the 
> bugs in it right now will be released in 2006! :> If you 
> download the SPIKE file for the dtlogin bug, you'll notice it 
> says "SPIKE 2.6 or above". Current public SPIKE is 2.8 (and outdated).

Even if you do not publicly release those advisories you still notify
the vendors first, right?



Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor () pivx com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net> 
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave