RE: Dangerous information in CentraOne log files - VENDOR RESPONSE

From: zedfly@hushmail.com
Date: 12/28/01


From: zedfly@hushmail.com
To: Bugtraq@securityfocus.com, vulnwatch@vulnwatch.org
Date: Thu, 27 Dec 2001 15:13:52 -0800


-----BEGIN PGP SIGNED MESSAGE-----

On 12/7/01, an e-mail was sent to 7 different addresses @ Centra; four of these e-mail addresses were obtained directly from Centra's website; the remaining three addresses, taken from RFP's Policy, were added for completeness. On 12/17/01, ten days later, without a response from Centra, the posting was submitted to VulnWatch, BugTraq and NTBugTraq.

The vulnerability described in the original posting is contained in the version available for download from their website. Per Centra's response, they have chosen not to temporarily remove it until a fix is available. Anyone evaluating this software may install a vulnerable version and it is, therefore, highly recommended that you consider postponing any evaluations and purchase decisions until Centra has made a non-vulnerable version available for download. ...And you've ascertained whether or not they have actually fixed it.

As I'm sure you all know, one of the reasons vulnerability announcements are made is to test a company's effectiveness at dealing with security issues; one can learn a lot about how well you'll be supported this way.

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlsEARECABsFAjwrqvgUHHplZGZseUBodXNobWFpbC5jb20ACgkQUqpz3LoqFkl8dACe
KyJM7lptQGnO3+8ICPj2KdBhQhkAoIxQlpP4zlW3cJspfxkt33oWGbR3
=IWEc
-----END PGP SIGNATURE-----


