Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NTBugtraq> 1999-q4

NTBugtraq And NTSecurity Archives: Fwd: RE: Multiples Remotes D

Fwd: RE: Multiples Remotes DoS Attacks in MDaemon Server v2.8.5.0 Vulnerability

Arvel Hathcock (ArvelALTN.COM)
Sun, 28 Nov 1999 11:26:18 -0600

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Mnemonix: "NTInfoScan (now aka Cerberus Internet Scanner) has been updated"
Previous message: Mnemonix: "Oracle Web Listener"

Many thanks for providing me an opportunity to respond to the recent
DoS issue reported to NTBugtraq. First, let me say that a fix
for all our MDaemon/WorldClient Standard customers is available here:

http://www.altn.com/Downloads/incoming/md285fix.zip

and has been available since the very day the problem was brought to
our attention. The fix patches MDaemon 2.8.5.0 and higher. A patch
for WorldClient Pro will be available tomorrow.

I am a strong supporter in what groups like NTBugtraq are doing and I
believe that freely sharing information on security issues is good for
the consumer and good for the software industry as a whole. However, I
deplore the methods that 'USSRLabs' and others employ to this end.
Their statement that they have 'contacted the vendor' is patently
false. No one in our organization was contacted. I'm certain I speak
for many software vendors when I say that groups like 'USSRLabs' are
not really taken seriously. Their practices seem to be motivated by a
lust for self aggrandizement rather than a genuine interest in software
quality. The fact is, no one cares (or even remembers) who discovers a
problem with some piece of software. The only thing the consumer cares
about is getting the problem fixed. I'm proud to say that Alt-N has a
reputation for quickly fixing any and all such problems and I'm very
proud that over our 4 1/2 year history only two such problems (counting
this one) have ever been discovered.

In conclusion, we found out about this particular issue the same way
everyone else did - via a mailing list post. But that's ok with us
because the relationship we have with our customers is such that we do
not hide our mistakes from them. We are not ashamed of problems
because we don't consider ourselves to be gods who are above human
error. The relationship we have with our customers is not built upon
a 'no mistakes' expectation. Rather, it is founded on a history of
providing solutions to problems, no matter how large or small, with a
promptness that only small companies like ours can provide. For the
sake of our customers, not our reputation, it is unfortunate that we
were not contacted earlier as the 'USSRLabs' report falsely claims to
be the case.

Arvel Hathcock
Alt-N Technologies - http://www.altn.com
----------------------------------------
MDaemon - http://www.mdaemon.com
RelayFax - http://www.relayfax.com
WorldClient - http://www.worldclient.com
----------------------------------------

Next message: Mnemonix: "NTInfoScan (now aka Cerberus Internet Scanner) has been updated"
Previous message: Mnemonix: "Oracle Web Listener"

This archive was generated by hypermail 2.0b3 on Mon Nov 29 1999 - 12:39:30 CST