Re: ZA "User Input Circumvention Vulnerability Fix"
From: David (davidwnh@adelphia.net)
Date: 03/04/03
From: "David" <davidwnh@adelphia.net> Date: Tue, 04 Mar 2003 16:14:27 GMT
It's always a tough call, Marcus, but when you have a company like MS for
example with "all the money in the world" who is often reluctant to fix some
things until someone makes the problem publicly known, then sometimes that
is what has to be done. There is often a way to prevent some of these
vulnerabilities before the "official" patches are released whether it is to
restrict certain functionality of a particular server for the time being or
reconfigure something in the software or OS.
All in all, as an end user it pays to visit sites like BugTraq etc.
frequently because most of the software vendors wait close-lipped until a
patch is issued even though there may be a temporary quick fix through a
simple configuration setting.
How many companies use registration information to do more than just make
profit off selling their loyal customers' email addresses as opposed to
emailing them security warnings or information about the availability of
patches? Most just let you know via email of major updates that come at a
cost.
> Hi,
>
> Actually since things like this get posted on BugTraq, it's public
> knowledge anyway. I doubt there are really many secrets from the better
> hackers. They seem to usually be well-armed with knowledge. What's a LOT
> worse is when some people try to find vulnerabilities (whether it be ZA,
> Sygate, Symantec, doesn't matter), and post them publicly before
> contacting the manufacturer or allowing them enough time to try to fix
> it. Now *that* gives hackers an edge. Sometimes they post the code or
> even an EXE to do it.
>
> Marcus
> PEACE