[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Re: [bugtraq] Novell GroupWise WebAccess error modules loading
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] Re: [bugtraq] Novell GroupWise WebAccess error modules loading
- From: Pete Connolly <pete.connolly@xxxxxxxxxxxxxx>
- Date: Tue, 18 Jan 2005 21:47:35 +0000
On Monday 17 January 2005 16:42, Marc Ruef wrote:
> Dear ladies and gentlemen
>
<SNIP description of two potential problems>
> We have not found any information on that issue. So I sent this information
> (nearly the same posting) on 14/12/04 to info@xxxxxxxxxx and asked for a
> solution. As I haven't heard _anything_ until 23/12/04 I sent a reminder
> email to the same address. So no reply came back we made this vulnerability
> public finally to force Novell to react on this case. An Attack Tool Kit
> (ATK) plugin that addresses this vulnerability will be published in the
> next days[1].
>
> Regards,
>
> Marc Ruef
>
> [1] http://www.computec.ch/projekte/atk/
It took me less than 10 seconds to find this url
http://support.novell.com/security-alerts/
using the keywords "novell security email address" in Google.
Had you taken the same time to do this, you would have found that
secure@xxxxxxxxxx is the place to send this kind of notification.
No doubt you've spent a lot of time doing some good research. Had you spent a
little longer there would probably be a patch by now. Making up 'possible'
email addresses for this kind of mail and then 'forcing' Novell to go public
on an issue that's probably sitting in a spam bucket is a bit of waste of
everyone's time and effort, your own included.
Regards
Peter
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html