[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Command Injection Vulnerability in stat.qwest.net- OFFTOPIC
- To: "Full-Disclosure" <full-disclosure@lists.netsys.com>
- Subject: RE: [Full-Disclosure] Command Injection Vulnerability in stat.qwest.net- OFFTOPIC
- From: "MacDougall, Shane" <smacdougall@idanalytics.com>
- Date: Fri, 22 Aug 2003 10:20:07 -0700
IIRC Level 3 also uses looking glass...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Shane MacDougall
Lead Security Officer
ID Analytics
San Diego, California USA
Direct: (858) 427-2860
Toll Free: 866-240-4484 x 2860
Fax: 858-427-2899
-----Original Message-----
From: Blue Boar [mailto:BlueBoar@thievco.com]
Sent: Friday, August 22, 2003 9:19 AM
To: Kurt Seifried
Cc: Dan Daggett; Full-Disclosure
Subject: Re: [Full-Disclosure] Command Injection Vulnerability in
stat.qwest.net- OFFTOPIC
Kurt Seifried wrote:
> Why are you telling us this? How does it affect anyone, but qwest, who
you
> notified, and who fixed it. Do we now send out a security advisory
every
> time we notify sometime to disable a vulnerable service (sir, you have
> telnet enabled). This is getting ridiculous.
Couple of points: It may be nice to know the track record of a company
even though the problem has been fixed. Also, QWest isn't the only ISP
that uses Looking Glass...
BB
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html