RE: Apache Worm?

[hellNbak <hellnbak () nmrc org>]

Correct, reporting a vulnerability is the right thing to do, we are in
raging agreement.  But purposely *NOT* contacting the vendors involved
because for some stupid immature reason your "don't trust them" and then
doing a press release on the vulnerability is not the right thing to do.

Its not always as simple as black and white.

On Wed, 19 Jun 2002 sanjay.patel () rexwire com wrote:

> Date: Wed, 19 Jun 2002 13:56:42 -0400
> From: sanjay.patel () rexwire com
> To: hellnbak () nmrc org
> Cc: vuln-dev () securityfocus com
> Subject: RE: Apache Worm?
>
> Reporting a vulnerability is the right think to do. How do you know that
> the blackhats did not already know of this hole.
>
> -----Original Message-----
> From: hellNbak [mailto:hellnbak () nmrc org]
> Sent: Wednesday, June 19, 2002 11:55 AM
> To: Doesnt Matter
> Cc: vuln-dev () securityfocus com
> Subject: Re: Apache Worm?
>
>
> Yeah this could be used in a worm.  You can all thank ISS for exposing
> all you non-ISS customers.  Quick pay their extortion fees....errr buy
> their software you you too can be protected from the so called
> "untrustworthy" open source vendors..........
>
> Thanks ISS!
>
> bah...
>
> On Wed, 19 Jun 2002, Doesnt Matter wrote:
>
> > Date: Wed, 19 Jun 2002 07:09:35 +0800
> > From: Doesnt Matter <ackstorm () hackermail com>
> > To: vuln-dev () securityfocus com
> > Subject: Apache Worm?
> >
> > what would be the likely hood a cracker could turn this into a
> > internet worm, and what would the possible destruction be?  I'm aware
> > still over 50% of the webservers are running apache, but the diffrent
> > distros might cause somewhat of a problem. would it not? ~ack

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbak () nmrc org
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-