[Full-Disclosure] How much longer?

From: Geoincidents (geoincidents_at_getinfo.org)
Date: 02/11/04

  • Next message: Scott Taylor: "RE: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
    To: "full-disclosure@lists.netsys.com" <'full-disclosure@lists.netsys.com'>
    Date: Tue, 10 Feb 2004 21:18:18 -0500
    
    

    This is a serious security issue imo

    http://www.eeye.com/html/Research/Upcoming/index.html

    I just saw this page for the first time today and I find this totally
    unacceptable behavior from a vendor. Where is the priority for root level
    exploits? Are you people comfortable knowing that a vendor has and *always
    will have* full backdoor access to all your Windows systems as long as we
    allow lag times like these?

    So the question is, how much longer is the security community going to
    tollerate this industry supported backdoor CRAP before getting back to full
    public disclosure with a 2 week warning for the vendor? Obviously force is
    required when dealing with slackers.

    Geo. (why haven't the news folks picked up on this for what it is, known
    backdoors to all Windows systems)

    Note to Marc from eeye, correct me if I'm wrong, most of these are backdoors
    right?

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Scott Taylor: "RE: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"