Full Disclosure mailing list archives
Valid disclosure analogy
From: full-disclosure () lists netsys com (Defender Defender)
Date: Sat, 24 Aug 2002 22:36:05 +0000
Mr. Guninsky, you want real world? Here is real world... You are client of 'bank A'. You find out about a way to break in 'bank A' in a quite complicated and tricky manner, but yet possible. You inform 'bank A', but no answer! What to do? a) Dont do anything: all banks are vulnerable at some point. It's all a matter of risk, and keeping it secret is the best way to keep the risk at its lowest. Furthermore, the vulnerability does not compromise the quality of the service itself; b) Your money is at risk: remove it from 'bank A', put it in 'bank B'; c) Break in 'bank A' and steal other people's money, get plane ticket for bermudas; d) The evil 'bank A' put people at risk. Regardless of fact that you are not the owner of the bank, nor that you represent the interest of each and every of its clients, take the initiative to inform the world of the vulnerability details, how to exploit it, and if possible, make a point-and-click robot that breaks into the bank and steal money for you, and give a free copy to everyone who wants one; Yes, maybe you may see now, being the client of a vendor does not give you absolute right on the vendor nor its other clients. At very best, not happy about it? Switch vendor, and shut the fuck up. _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com
Current thread:
- Valid disclosure analogy Defender Defender (Aug 24)
- <Possible follow-ups>
- Re: Valid disclosure analogy pooh pooh (Aug 25)
- Re: Valid disclosure analogy hellNbak (Aug 25)
- Re: Valid disclosure analogy Isaak Bloodlore (Aug 25)
- Re: Valid disclosure analogy hellNbak (Aug 25)
- Re: Valid disclosure analogy Defender Defender (Aug 25)
- Re: Valid disclosure analogy pooh pooh (Aug 25)
- Re: Valid disclosure analogy Defender Defender (Aug 25)
- Re: Valid disclosure analogy Defender Defender (Aug 25)
- Re: Valid disclosure analogy Defender Defender (Aug 25)
- Re: Valid disclosure analogy Defender Defender (Aug 25)
- Re: Valid disclosure analogy pooh pooh (Aug 25)
(Thread continues...)