Full Disclosure mailing list archives
Re: Re: I have fixes for the Geeklog vulnerabilities
From: John Sage <jsage () finchhaven com>
Date: Mon, 6 Oct 2003 09:49:34 -0700
hmm.. On Mon, Oct 06, 2003 at 10:34:16AM +0530, morning_wood wrote:
Overall, this is a textbook example of how NOT to handle security issues. By not contacting the developers, posting a report full of inaccuracies, and, in the end, mostly non-working examples, Lorenzo Hernandez Garcia- Hierro has caused uncertainty and confusion amongst the Geeklog users and basically wasted everyone's time, including that of the developers. Dirk Haun, Maintainer of the Geeklog 1.3.x branch, Geeklog Development TeamDo your own work then... or would you have prefered him and whoever else he could tell to abuse Geeklog privatly until you perhaps stumble across the issues? Disclosure helps everyone, Any security disclosure is good,
/* snip */ "Any security disclosure is good..." A wonderfully naive attitude. Ever hear of lying? Disinformation? Libel? FUD? Or simply of someone being wrong? "Disclosure" without any technical evidence is gossip at best. Unfortunately, there are some who will believe almost anything they read. - John -- "You are in a twisty maze of weblogs, all alike." - John Sage: InfoSec Groupie - ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus- - ATTENTION: this entire message is privileged communication, intended for the sole use of its recipients only. If you read it even though you know you aren't supposed to, you're a poopy-head. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- I have fixes for the Geeklog vulnerabilities Lorenzo Hernandez Garcia-Hierro (Oct 05)
- Re: I have fixes for the Geeklog vulnerabilities Jouko Pynnonen (Oct 12)
- <Possible follow-ups>
- Re: I have fixes for the Geeklog vulnerabilities Dirk Haun (Oct 05)
- Re: Re: I have fixes for the Geeklog vulnerabilities morning_wood (Oct 05)
- Re: Re: I have fixes for the Geeklog vulnerabilities devnull (Oct 05)
- Re: Re: I have fixes for the Geeklog vulnerabilities Michael Renzmann (Oct 05)
- Re: Re: I have fixes for the Geeklog vulnerabilities John Sage (Oct 06)
- Re: Re: I have fixes for the Geeklog vulnerabilities morning_wood (Oct 06)
- Re: Re: I have fixes for the Geeklog vulnerabilities John Sage (Oct 09)
- Re: Re: I have fixes for the Geeklog vulnerabilities morning_wood (Oct 09)
- Re: Re: I have fixes for the Geeklog vulnerabilities morning_wood (Oct 05)
- Re: Re: I have fixes for the Geeklog vulnerabilities Lorenzo Hernandez Garcia-Hierro (Oct 08)