Dailydave mailing list archives
Re: Half Disclosure
From: Nicob <immunity () nicob net>
Date: Wed, 03 Nov 2004 19:59:52 +0100
"... are going to withhold details about this flaw for three months. Full details will be published on the [later]. This three month window will allow users of [product] the time needed to download the updated version before the details are released to the general public. This reflects [companies]'s new approach to responsible disclosure."
You forgot the funniest part : "This vulnerability can be detected by Typhon III [...]" For network-aware vulnerabilities, knowing details about them is as simple as sniffing the wire and analyzing the capture. And that's already done by the real bad boys, who can afford these commercial products ... Less kiddies, but more risk for really attractive targets. -- Nicob <immunity () nicob net> _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Half Disclosure robert (Nov 03)
- Re: Half Disclosure halvar (Nov 03)
- Re: Half Disclosure Dave Aitel (Nov 03)
- Re: Half Disclosure Gadi Evron (Nov 03)
- RE: Half Disclosure Chris Eagle (Nov 03)
- Re: Half Disclosure Dave Aitel (Nov 03)
- Re: Half Disclosure halvar (Nov 03)
- Re: Half Disclosure Nicob (Nov 03)
- Re: Half Disclosure ned (Nov 03)