Subject: Re: RFP2K03: Contemplations on dvwssr.dll and its affects on life
From: Federico G. Schwindt (core.lists.win2ksecadvice CORE-SDI.COM)
Date: Tue Apr 25 2000 - 16:49:34 CDT
Russ wrote:
> The revisions clearly attempt to mitigate the scope of the vulnerability
> from what RFP originally said it was, to what he had now learned it was.
> This was clearly a case of cover-my-ass by RFP, knowing he had misinformed
> WSJ (and others) the night before.
I'm afraid the only case of cover-my-ass here is yours.
> I published what I knew, retractions, and corrections by others. My actions
> have been aired for all to see. Unfortunately RFP has chosen to forget many
> things, and attempt to present you his after-thoughts, revised, and
> incomplete.
Let's see. You're the NT bugtraq moderator, that should mean you have
at least some skills to know what should be published and what
shouldn't, and better yet, enough knowledge to check a vulnerability by
yourself, so the statement 'I published what I knew' is very poor,
especially in your position. Having such behavior only confuses people.
> It should be a clear lesson to anyone who thinks they've discovered a
> vulnerability, before you go to the press be sure you have all of the
> analysis necessary to vet your own claims. IMNSHO, this can be done best
> with sufficient time and the Vendor, for others it may be best to do it on a
> mailing list. It's rarely best to go to the press first, as they usually
> cannot make the same revisions you can in a given amount of time (and time
> is an unknown quantity with the press).
So in your own words, I hope you've learned the lesson. I bet most of
us did.
Federico Schwindt.-
--
Federico G. Schwindt - Developer fgschcore-sdi.com
Core SDI S.A. http://www.core-sdi.com
--- For a personal reply use fgsch core-sdi.com