Bugtraq mailing list archives
Re: Unqualified Postings
From: v0rt () DAYROM COM AU (v0rt)
Date: Tue, 2 Nov 1999 16:54:23 +0000
edi () GANYMED ORG wrote:
Is Bugtraq the right forum to report stupid overflows in yet another shareware win95 mail/ftp server, fetched from huge commercial crapware repositories like download.com / shareware.com / others? Where's the security risk? If the software is rarely used, if no exploits are widespread, why bother informing the security community about some buffer just because it's too small.
I disagree with this post (also an unqualified post) as any security weakness if any application, no matter how small or how wide spread should be posted to this list. Not only does it force the developers to upgrade their security coding abilities, but it also inforces the fact that security through obscurity (or a fake sense of security) is never really a reliable policy.
Add an exploit if you want to gain popularity - I personally do not encourage such postings here. Edi
Add an exploit and allow the script kiddies fuck with little joe blogg's home box as he had setup a ftp server that he had d/l from one of these so called 'commercial crapware repositories' All things security related should be discussed, as whats the point of discussing 'only top class security weaknesses that kiddies can use to hack the government' ??? my two cents + 5% tip [v0rt]
Current thread:
- Amanda multiple vendor local root compromises Tellier, Brock (Oct 30)
- Re: Amanda multiple vendor local root compromises Ian Turner (Nov 01)
- Re: Amanda multiple vendor local root compromises Chris Tobkin (Nov 01)
- Re: Amanda multiple vendor local root compromises Bill Fumerola (Nov 01)
- Re: Amanda multiple vendor local root compromises monti (Nov 01)
- Re: Amanda multiple vendor local root compromises Rob (Nov 01)
- Unqualified Postings edi () GANYMED ORG (Nov 01)
- Re: Unqualified Postings v0rt (Nov 02)
- <Possible follow-ups>
- Re: Amanda multiple vendor local root compromises Alexandre Oliva (Nov 02)
- Re: Amanda multiple vendor local root compromises Alexandre Oliva (Nov 02)