Re: Sendmail hole

Bill McDonald (bill@fcca.csi.com)
Mon, 14 Mar 94 14:41:10 PST

> > Well, it appears that someone has tried to take advantage of the (now) well

> Wrong! You start broadcasting news about security holes, some unscrupulous
> person(s) will abuse the security hole. It is up to agencies like CERT and
> the manufacturers of the software to produce fixed versions of the software.
> 
> While I understand your position, there are more people out there trying
> to bust into sites instead of protecting them. The details of how a site
> was broken into should not be discussed on this type of list until it
> has been determined that software susceptible to the security hole has
> been patched or replaced.
> 

(for bugtraq only)

Whoa there Thag!  Your response of "Wrong!" is very WRONG here.  This list 
was created for the sole reason that other lists would not talk about the
details.  I am very grateful to this list (as well as others) for the 
information I gain.

If you have a problem with this policy then move to Iran or China where
freedom of speech is not protected.  

I do agree that there is a problem with divulging information to the bad
guys.  I think you should have noted that he did let CERT and others know
and that they apparently ignored him.  That has always been the problem.

I for one don't give a damn about CERT and have stopped asking to talk with
them as they rarely if ever fix anything or respond and I've been reliably 
known to them for many a year from a number of companies.  This list is
well justified and the "good" it serves well outbalances the "bad."