Re: Apache Worm?

From: Raistlin (raistlin@gioco.net)
Date: 06/21/02


From: "Raistlin" <raistlin@gioco.net>
To: <vuln-dev@securityfocus.com>
Date: Fri, 21 Jun 2002 13:46:00 +0200


> Correct, reporting a vulnerability is the right thing to do, we are in
> raging agreement. But purposely *NOT* contacting the vendors involved
> because for some stupid immature reason your "don't trust them" and then
> doing a press release on the vulnerability is not the right thing to do.

Expecially if you provide a patch which doesn't patch correctly the bug.

Bad move indeed, ISS.

Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys