|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Fwd: Information on MS99-022
Weld Pond (weld
L0PHT.COM)
Mon, 5 Jul 1999 08:14:47 -0500
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Aleph One: "Re: Fwd: Information on MS99-022"
- Previous message: papowellASTART.COM: "Re: Security problem with LPRng"
- Maybe in reply to: Chris Leishman: "Security problem with LPRng"
- Next in thread: Russ: "Re: Fwd: Information on MS99-022"
On Sun, 4 Jul 1999, Renaud Deraison wrote:
> And I'm writing a free security auditing tool, and I won't be able to
> implement a security check for this, because I'm not a "vendor" ?
> (apparently only software vendors are welcomed to the ICSA's IDC --
> they did not reply to my request of being admitted in this consortium
> [so that I could get information about this flaw])
I have an idea. To counter this information witholding problem, non-vendor
individuals who find security problems should have mailing lists that only
non-vendor individuals are on. Yeah, sure the information will eventually
leak out but it will take much longer for the problems to be fixed by the
vendors. Of course Microsoft and members of their selected consortia would
be forbidden to join the list.
Does this seem like a good idea? Well personally I think it is crazy but
it is exactly what Microsoft is asking individual security contributers
and practitioners to accept, albeit shoe on other foot.
-weld
- Next message: Aleph One: "Re: Fwd: Information on MS99-022"
- Previous message: papowellASTART.COM: "Re: Security problem with LPRng"
- Maybe in reply to: Chris Leishman: "Security problem with LPRng"
- Next in thread: Russ: "Re: Fwd: Information on MS99-022"
This archive was generated by hypermail 2.0b3 on Sun Jul 04 1999 - 22:47:42 CDT