Re: Apache Worm?From: Raistlin (email@example.com)
- Previous message: Przemyslaw Frasunek: "Re: procmail heap overflow"
- In reply to: hellNbak: "RE: Apache Worm?"
- Next in thread: Blue Boar: "Re: Apache Worm?"
- Reply: Blue Boar: "Re: Apache Worm?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Raistlin" <firstname.lastname@example.org> To: <email@example.com> Date: Fri, 21 Jun 2002 13:46:00 +0200
> Correct, reporting a vulnerability is the right thing to do, we are in
> raging agreement. But purposely *NOT* contacting the vendors involved
> because for some stupid immature reason your "don't trust them" and then
> doing a press release on the vulnerability is not the right thing to do.
Expecially if you provide a patch which doesn't patch correctly the bug.
Bad move indeed, ISS.
Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys