> > REPEAT BY: > > > > Exploit details will not be made available, until a patch is > > provided. > > [ ..deleted.. ] > > Why this change in heart? You've always gone with full disclosure in the > past. Did all of the complaints finally get to you guys? I'm not > complaining, you've done lots of good in the past, IMHO, and am just a > bit surprised by this. > > I think that the biggest pro of full disclosure, is that it get's people > off their butts and gets a good solution or patch that much faster. > > Dave > --david@umbc.edu > Again, I echo Dave's remarks. If you think that any cracker with half a brain doesn't know how to exploit it, then you're quite silly. If you think that most sysadmins (with no time on their hands, and screaming users who wanna know why their file can be un-rm-ed) do know how to exploit it (and prevent it) then you're sillier than bozo the clown. Not to be harsh, but the flow of information is still there, only now it goes only to those who use it poorly. Knowledge is power, and right now, all of these are known by a certain segment, and not known by another... Which segment do you think needs to know more? -- + alan@mid.net Network Operations Center (402)/472-0242, Fax (402)/472-0240 + + + + + + + + + + + + + + + + + + + + ++ + + + + + + + + + + + + + + + + + + + + +============\\ "Those who are willing to give up some liberty for some + +MIDnet, Inc. \\______ security lose both and deserve neither." - B. Franklin +