[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Download Accelerator Plus can be tricked to download malicious file

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Download Accelerator Plus can be tricked to download malicious file
From: "Dave Korn" <davek_throwaway@xxxxxxxxxxx>
Date: Fri, 6 Jan 2006 18:52:14 -0000

visitbipin@xxxxxxxxxxx wrote in
news:20060105180806.22333.qmail@xxxxxxxxxxxxxxxxx
> Just n' update:
> DAP searches for all its mirrors from mirrorsearch.speedbit.com
>
> I have no knowledge about HOW the mirrors are gathered.

  Then your report should have been titled "Maybe DAP can be tricked to
download malicious file, maybe not, I haven't got any idea because I haven't
bothered to find out".

  Or even better, you shouldn't have bothered posting it because it has zero
content.  "There might or might not be a vulnerability in application X" is
NOT information.  Uninformed speculation is NOT information.

  What you actually observed was DAP not being tricked and not downloading a 
malicious file.  What you wrote was the exact opposite.  Your report is 
fraudulent and utterly dishonest.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

References:
- Re: Download Accelerator Plus can be tricked to download malicious file
  - From: visitbipin

Prev by Date: MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities
Next by Date: MDKSA-2006:007 - Updated apache2 packages fix vulnerabilities
Previous by thread: Re: Download Accelerator Plus can be tricked to download malicious file
Next by thread: [eVuln] Lizard Cart CMS SQL Injection Vulnerability
Index(es):
- Date
- Thread