[Full-Disclosure] How much longer?

From: Geoincidents (geoincidents_at_getinfo.org)
Date: 02/11/04

    To: "full-disclosure@lists.netsys.com" <'full-disclosure@lists.netsys.com'>
    Date: Tue, 10 Feb 2004 21:18:18 -0500
    
    

    This is a serious security issue imo

    http://www.eeye.com/html/Research/Upcoming/index.html

    I just saw this page for the first time today and I find this totally
    unacceptable behavior from a vendor. Where is the priority for root level
    exploits? Are you people comfortable knowing that a vendor has and *always
    will have* full backdoor access to all your Windows systems as long as we
    allow lag times like these?

    So the question is, how much longer is the security community going to
    tolerate this industry supported backdoor CRAP before getting back to full
    public disclosure with a 2 week warning for the vendor? Obviously force is
    required when dealing with slackers.

    Geo. (why haven't the news folks picked up on this for what it is, known
    backdoors to all Windows systems)

    Note to Marc from eeye, correct me if I'm wrong, most of these are backdoors
    right?

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

