Re: [Full-Disclosure] RE: Disclosure policy in Re: RealPlayer vulnerabilities

From: David Kennedy CISSP (dkennedy_at_COMPUTER.ORG)
Date: 10/08/04

Next message: Bobby Ballard: "ActiveFile, XP+SP2, file download does not work"

Previous message: Ron Parker: "Re: CWS = Crummy Windows Security"
Maybe in reply to: Jason Coombs PivX Solutions: "Re: [Full-Disclosure] RE: Disclosure policy in Re: RealPlayer vulnerabilities"
Next in thread: Ernst Lopes Cardozo: "Re: [Full-Disclosure] RE: Disclosure policy in Re: RealPlayer vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Fri, 8 Oct 2004 14:45:25 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

-----BEGIN PGP SIGNED MESSAGE-----

At 12:00 AM 10/8/2004 GMT, Jason Coombs PivX Solutions wrote:
>The longer one chooses non-disclosure, and the more willfully one
>does so, the less 'good' that disclosure appears - particularly
>after considering all of the technical truths about information
>security research and reverse engineering that you so carefully and
>corectly articulated.
>
>Immediate full disclosure that cannot be disputed and leaves no room
>for debate immediately helps anyone who chooses to receive and
>consider the disclosure. Everything else serves only to delay and
>obscure that clear and urgent security alert communique, increasing
>the window of exposure and the Total Risk of Ownership needlessly.

So everyone can expect immediate and full disclosure from PivX
effective immediately? May I suggest you start with all the details
regarding "unpatched," resurrection of that page, followed by
"immediate and full" disclosure of every bug PivX has contacted
Microsoft and every other vendor about. Ever. "Immediate and full"
after all.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0
Comment: Hacker=Cybercriminal The definition changed get over it

iQCVAwUBQWbgQvGfiIQsciJtAQFTvQQAm2AdB/37SyVgaG3Qndg9kWHo84qy3TW3
YdQFUOHbj/gtZUTiM3TyK5xSEySO3r12QiovGquhJpt0DaSaHFFBb3NovEdK9nn7
c/3HM23dNpNB1iKkEINgpRu1Zs03orx1pLXRXHr3OGz5UTxb2quGkNQwYTldypfl
h9m2FJrMbN4=
=fOWg
-----END PGP SIGNATURE-----

--
Regards,
                                          /"\
David Kennedy CISSP                       \ / ASCII Ribbon Campaign
Protect what you connect;                  X  Against HTML Mail
Look both ways before crossing the Net.   / \
--
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
--

Next message: Bobby Ballard: "ActiveFile, XP+SP2, file download does not work"

Previous message: Ron Parker: "Re: CWS = Crummy Windows Security"
Maybe in reply to: Jason Coombs PivX Solutions: "Re: [Full-Disclosure] RE: Disclosure policy in Re: RealPlayer vulnerabilities"
Next in thread: Ernst Lopes Cardozo: "Re: [Full-Disclosure] RE: Disclosure policy in Re: RealPlayer vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]