Dailydave mailing list archives
Re: oooh, isc2 gets p0wned
From: H D Moore <hdm-daily-dave () digitaloffense net>
Date: Sun, 6 Jun 2004 14:05:13 -0500
On Sunday 06 June 2004 09:41, Dave Aitel wrote:
One thing I've been thinking about is that you don't see the OISAFTEY people in the news nearly as much anymore. I'm hoping this means that it's lost all momentum
If only they would just go away.... http://finance.lycos.com/qc/news/story.aspx?symbols=NYSE:NET&story=200405251425_BWR__BW5568 The Microsoft Security Response team started quoting OIS guidelines to me the last time I tried to report a bug to them. The ensuing discussion was informative as to how they perceive independent researchers and the "community" as whole. The short version is that my reasons for having to accelerate the patch release (due to public traffic logs of the discovery) were irrelevant, and the only way I would get my "credit" would be to sit on my hands and wait for them to get around to fixing it. The fact that I really didn't care never made it across. The end result was that after five months of the code being available, they posted an inaccurate advisory that didn't include the real possibility of code execution. Qualys was given credit for reporting a similar vulnerability and only a handful of people are aware of just how easy it is to exploit the WINS overflow on Windows 2000....
, and not that they are busy raising money and playing behind the scenes lobbying games with politicians to take away our freedoms. I mean, any team with the SCO Group as a prominant member is a bad group to be on.
Its just amazing how Microsoft managed to turn that many companies into their sock puppets. Nothing like a little financial incentive to bend those boilerplate ethics... -HD _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- oooh, isc2 gets p0wned Dave Aitel (Jun 06)
- Re: oooh, isc2 gets p0wned H D Moore (Jun 06)
- Re: oooh, isc2 gets p0wned Dave Aitel (Jun 06)
- Re: oooh, isc2 gets p0wned H D Moore (Jun 06)
- Re: oooh, isc2 gets p0wned ned (Jun 07)
- Re: oooh, isc2 gets p0wned Dave Aitel (Jun 06)
- Re: oooh, isc2 gets p0wned Halvar Flake (Jun 06)
- Re: oooh, isc2 gets p0wned Dave Aitel (Jun 06)
- Re: oooh, isc2 gets p0wned H D Moore (Jun 06)
- <Possible follow-ups>
- RE: oooh, isc2 gets p0wned Thor Larholm (Jun 07)