Re: [Full-Disclosure] Pepsi Bottlecap Liner Labeling Information Leak Vulnerability

tcleary2_at_csc.com.au
Date: 02/20/04

    To: full-disclosure@lists.netsys.com
    Date: Fri, 20 Feb 2004 13:28:39 +0800
    
    

    >Vendor Status:
    >The vendor has not been notified.

    <humour>

    I am horrified that you released this without working closely with the
    Manufacturer.

    You have caused a huge problem for the enormous number of hard-working
    retailers who are now exposed to tremendous risk as the uninitiated
    exploit this vector.

    Shame on you - even if you know that fix would be scheduled for the early
    part of April ( probably the first, I expect.. )

    As with all irresponsible disclosure, I fully expect the Vendor to not
    give you credit - as is right!

    Boo! Hiss!

    tom.

    </humour>
