Dailydave mailing list archives
RE: Lap Dances for All
From: security curmudgeon <jericho () attrition org>
Date: Fri, 4 Mar 2005 16:19:17 -0500 (EST)
: Personally, I think that the 50 to 100K price tag effectively keeps the : vulnerabilities out of the reach of children. That's responsible enough : for my taste anyway. In theory. If the inforamtion is not sent out encrypted, you can practically guarantee it is being shared to non-members. Think of CERT a few years back. [1] If a company is a member and sends the mail to an internal mail list, it gets sent to Joe Admin who has a friend on the BobCMS dev team, he will also likely forward any BobCMS vulns to his friend. This impacts the value of the information being shared in the club as it may be patched faster than planned. If a company is a member and leaves the information unencrypted on their machines, any compromise of those systems may further disclose it to non members. [1] http://www.attrition.org/errata/sec-co/cert-04.html http://www.attrition.org/errata/sec-co/cert-02.html http://www.attrition.org/errata/sec-co/cert-01.html _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Lap Dances for All, (continued)
- Re: Lap Dances for All halvar (Mar 02)
- Re: Lap Dances for All Jason (Mar 03)
- Re: Lap Dances for All Adam Shostack (Mar 03)
- Re: Lap Dances for All Ejovi Nuwere (Mar 02)
- RE: Lap Dances for All Maynor, David (ISS Atlanta) (Mar 02)
- Re: Lap Dances for All Chris Wysopal (Mar 03)
- Re: Lap Dances for All dan (Mar 03)
- RE: Lap Dances for All surreal (Mar 03)
- RE: Lap Dances for All Chris Wysopal (Mar 03)
- Re: Lap Dances for All Adam Shostack (Mar 03)
- RE: Lap Dances for All security curmudgeon (Mar 04)
- RE: Lap Dances for All Chris Wysopal (Mar 03)
- RE: Lap Dances for All surreal (Mar 03)