Dailydave mailing list archives

RE: Lap Dances for All


From: security curmudgeon <jericho () attrition org>
Date: Fri, 4 Mar 2005 16:19:17 -0500 (EST)


: Personally, I think that the 50 to 100K price tag effectively keeps the 
: vulnerabilities out of the reach of children. That's responsible enough 
: for my taste anyway.

In theory. 

If the information is not sent out encrypted, you can practically 
guarantee it is being shared to non-members. Think of CERT a few years 
back. [1]

If a company is a member and sends the mail to an internal mail list, it 
gets sent to Joe Admin who has a friend on the BobCMS dev team, he will 
also likely forward any BobCMS vulns to his friend. This impacts the value 
of the information being shared in the club as it may be patched faster 
than planned.

If a company is a member and leaves the information unencrypted on their 
machines, any compromise of those systems may further disclose it to 
non-members.



[1] http://www.attrition.org/errata/sec-co/cert-04.html
    http://www.attrition.org/errata/sec-co/cert-02.html
    http://www.attrition.org/errata/sec-co/cert-01.html
    
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

