Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Amazon, MSN vulns and.. Yes, we know! Most sites have vulnerabilities

From: David Taylor <ltr () isc upenn edu>
Date: Sat, 24 Jun 2006 09:41:17 -0400

I guess our disconnect on this is my lack of knowledge on how the actual
exploits get submitted.  I think I just assumed it was the person that
discovered the vulnerability and/or developed the exploit that submits it to
places like Milw0rm.


On 6/24/06 9:11 AM, "Gadi Evron" <ge () linuxbox org> wrote:



Once again we are mostly in agreement, but there is one point I do
disagree on completely.

How would having the vulnerability being exploited by Bad Guys already,
who get it via their sources, while not letting the Good Guys know about
and put pressure on the vendor to fix help out?

Like I said earlier, this isn't black and white and some vendors do things
right, still, the one thing about Full Disclosure no one can dispute,
despite whatever else it may be - it works.

Now how is the exploits being out and just us not knowing about them help
us any? The ones who use the for harm will do so regardless.

Gadi.




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: