[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: The Cult of a Cardinal Number

To: phantasmal@xxxxxxx
Subject: [Full-Disclosure] Re: The Cult of a Cardinal Number
From: Mark Lowes <hamster@xxxxxxxxxxx>
Date: Wed, 03 Mar 2004 09:36:47 +0000

On Tue, 2004-03-02 at 05:37, Phantasmal Phantasmagoria wrote:
> - ---- Final thoughts ----------------
> It is difficult, if not impossible, to please every group of the security
> community when releasing information pertaining to a vulnerability. Some
> will say that I should of contacted the vendor, some will say I should
> of kept the bug to myself, some will say I should of released exploit
> code. I can only offer one account; The Cult of a Cardinal Number has
> finished. It was found, exploited, and patched. And it has finished.

A cc of this email to security@xxxxxxxxxxx would have been appreciated
if you felt the need not to give any prior warning to the team so
problematic versions could be removed from the ftp archives and/or
patched.

    Mark Lowes

-- 
Mark Lowes <hamster@xxxxxxxxxxx>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] The Cult of a Cardinal Number
  - From: Phantasmal Phantasmagoria

Prev by Date: [Full-Disclosure] OpenLinux: Tcpdump flaws in ISAKMP
Next by Date: [Full-Disclosure] OpenLinux: screen buffer overflow
Previous by thread: [Full-Disclosure] Re: Authentication flaw in Web Wiz forum
Next by thread: [Full-Disclosure] [SECURITY] [DSA 454-1] New Linux 2.2.22 packages fix local root exploit (alpha)
Index(es):
- Date
- Thread