Re: [Full-disclosure] n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory



On Tue, 28 Aug 2007 15:49:31 PDT, Blue Boar said:
> I remember people being all paranoid about the DMCA. They were worried
> security researchers would be sued for trying to release vulnerability
> information. But since that turned out to be unfounded, I guess we don't
> have to worry about the German thing. ;)

Unless you're unlucky and your name is Sklyarov or Felten.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
