Administrivia #2808

Blue Boar (BlueBoarTHIEVCO.COM)
Sun, 24 Oct 1999 10:45:05 -0700

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Blue Boar: "Re: IE 5.0 vulnerability"
• Previous message: Josh Burns: "IE 5.0 vulnerability"

First off, sorry about the delay and the sudden bunch of messages. I lost
Internet connectivity for a few days.

Second, I'm going to kill a couple of threads.

I'm going to end the "classes" thread. I thought it would be useful
information, but a couple of folks have reminded me that it's a bit off
topic, and it's not fair for me to change charter on the fly like that.

The other is the "wwwboard" a.k.a. payment for spotting holes thread. I
should have realized that the original was way too inflammatory, and asked
the author to cut it back to a question about the encryption type. I also
should not have allowed the flame fest, my note included. Sorry about
that, I'll do better in the future.

As a summary to the wwwboard thread, here's what I gathered:

-It uses standard unix crypt(3) hashing
-It's often not smart to exercise a hole, and then announce yourself (no
one has been accused of this, but it was brought up)
-Many companies will be suspicious/afraid/apathetic if you send them a note
telling them they have a hole
-Given the previous, good luck asking for payment
-If you want to get paid for this sort of thing, you should have an
agreement in place before any holes are reported (and possibly before they
are even looked for)

I now return you to the reporting of holes, and writing of exploits.

                                                BB

• Next message: Blue Boar: "Re: IE 5.0 vulnerability"
• Previous message: Josh Burns: "IE 5.0 vulnerability"

This archive was generated by hypermail 2.0b3 on Sun Oct 24 1999 - 12:58:03 CDT