RE: [lists] Re: F-Secure to release XSS "potential dangers"

["Curt Purdy" <purdy () tecman com>]

Valdis.Kletnieks () vt edu wrote:
> > n3td3v said:
> >
> > This is highly irresponsible of F-Secure and they should be held
> > legally responsible if the information they release in relation to
> > their "Netscape hacked" blog entry is used maliciously.
>
> You might want to review what you've posted to lists 
> regarding vulnerabilities,
> and ask yourself - if F-Secure gets held to some legal 
> standard of liability.
> where do you end up yourself?
>
> I don't know who's going to end up the test case/poster child 
> for vulnerability
> liability - but it's much more likely to be an individual 
> that posts to
> this list and can't afford a lawyer than a corporation with 
> deep pockets
> like F-Secure....

:) n3td3v's mouth is going to get her in trouble one of these days.

Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA 
Information Security Officer 
Information Systems Security
infosysec.net
443.846.4231

-------------

If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked. 
-- former White House cybersecurity czar Richard Clarke 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/