Full Disclosure mailing list archives

RE: Websites vulnerabilities disclosure

From: "Adriel Desautels" <adesautels () comcast net>
Date: Fri, 7 Oct 2005 13:10:01 -0400

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greets, 
        If the issue impacts a single person then why does the world need to
know? In that case disclosure is pointless and damaging. If however
the issue impacts many people some of which you don't know and have
no way of contacting, then disclosure is a must as it will protect
them in the long run. Don't get the arguments mixed up. Generally
speaking, vulnerabilities almost never impact a single person, even
web application vulnerabilities.

- --> -----Original Message-----
- --> From: full-disclosure-bounces () lists grok org uk 
- --> [mailto:full-disclosure-bounces () lists grok org uk] On 
- --> Behalf Of Valdis.Kletnieks () vt edu
- --> Sent: Friday, October 07, 2005 12:43 PM
- --> To: Raghu Chinthoju
- --> Cc: full-disclosure () lists grok org uk
- --> Subject: Re: [Full-disclosure] Websites vulnerabilities
disclosure 
- --> 
- --> On Fri, 07 Oct 2005 14:38:34 +0530, Raghu Chinthoju said:
- --> > I say, "... hey listen! your house entrance door latch 
- --> isn't strong 
- --> > enough.. there are only 4 screws instead 16, which is the 
- --> practice..
- --> > you have a risk of some one easily barging into your 
- --> house ...". For 
- --> > some reason you don't respond.. I publish it in the local 
- --> news paper 
- --> > that ".. Mr. X's door latch is week and any one can break 
- --> it easily 
- --> > ..." Do you think it is ethical??? I seriously think not.
- --> 
- --> The ethics change somewhat if instead of Mr. X, it's a 
- --> branch of a bank with many customers, or one of those 
- --> "You-Store-It" storage facilities, or if it's a medical 
- --> research lab that works with dangerous pathogens, or 
- --> anyplace else where it's more than just Mr. X's goods or 
- --> well-being that's endangered....
- --> 
- --> 

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
Comment: http://www.secnetops.com

iQA/AwUBQ0ar6ZNLRT/rHZe1EQLPOgCgvbcqJKz2WX3lpgJczOp3A0fy/QoAoMOe
sHmZy9YJ8O2FBZoVmKXs5ay+
=aj61
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Websites vulnerabilities disclosure offtopic (Oct 05)
- Re: Websites vulnerabilities disclosure Javi Polo (Oct 06)
- Re: Websites vulnerabilities disclosure Georgi Guninski (Oct 06)
  - Re: Websites vulnerabilities disclosure Stan Bubrouski (Oct 07)
- Re: Websites vulnerabilities disclosure Raghu Chinthoju (Oct 07)
  - Re: Websites vulnerabilities disclosure Peer Janssen (Oct 07)
  - Re: Websites vulnerabilities disclosure Valdis . Kletnieks (Oct 07)
    - RE: Websites vulnerabilities disclosure Adriel Desautels (Oct 07)
- <Possible follow-ups>
- RE: Websites vulnerabilities disclosure offtopic (Oct 06)
  - Re: Websites vulnerabilities disclosure Georgi Guninski (Oct 07)
- RE: Websites vulnerabilities disclosure Fielder, Kevin (GE Consumer Finance) (Oct 07)
  - Re: Websites vulnerabilities disclosure TheGesus (Oct 07)