Dailydave mailing list archives

Re: Half Disclosure


From: Nicob <immunity () nicob net>
Date: Wed, 03 Nov 2004 19:59:52 +0100


"... are going to withhold details about this flaw for three months.
Full details will be published on the [later]. This three
month window will allow users of [product] the time needed to download
the updated version before the details are released to the general
public. This reflects [companies]'s new approach to responsible
disclosure."

You forgot the funniest part:

"This vulnerability can be detected by Typhon III [...]"

For network-aware vulnerabilities, knowing details about them is as
simple as sniffing the wire and analyzing the capture. And that's
already done by the real bad boys, who can afford these commercial
products ...

Fewer kiddies, but more risk for really attractive targets.
-- 
Nicob <immunity () nicob net>
