Full Disclosure mailing list archives
Re: Vulnerabilities in *McAfee.com
From: "MustLive" <mustliveua () gmail com>
Date: Wed, 6 Apr 2011 04:38:34 +0300
Hello YGN Ethical Hacker Group! Just after you've disclosed your finding at McAfee's sites, I have congratulated you with nice disclosure and started to wait for reaction. And few days later I've read in Network World few articles about this issue (http://www.networkworld.com/news/2011/032811-mcafee-security-holes.html and http://www.networkworld.com/news/2011/033011-hackers-ygn-mcafee.html). So the reaction and buzz have came quickly. And in large scale - as simple google dork shows there are a lot of sites (up to 128000 results) posted this news. Mostly it's reposting of the same news, but still large attention to your disclosure. In February in our conversation I told that publishing of the video about holes at McAfee's sites would must bring attention, but in this case most attention was brought by disclosure in FD mailing list :-) (and a lot of attention). But that video can still come in handy for creating even more buzz about this issue. The most important thing in all this news articles is that they are claiming about defying of USA law. All these journalists and news copy-pasters are not familiar with laws (USA laws in particular), so they're just incorrectly blaming on YGN Ethical Hacker Group. As I wrote in 2009 in my article Hacking of web sites, security researches, disclosure and legislation (http://websecurity.com.ua/articles/security_researches_and_legislation/eng/), which was published in The Web Security Mailing List, particularly in item 5 of the article (where I wrote about legislations of Ukraine and USA), security researches, including finding and disclosing of vulnerabilities at web sites, are legal. So journalists must first get familiar with their own legislation, before writing such articles with such incorrect statements about other people. P.S. Cenzic is hole-loving company - earlier I wrote in my news about hole in their site's search engine which I found in 2006. And it's quite possible that from that time they haven't came far away from such approach. So I wish you good luck in your quest for Cenzic's holes ;-). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua Vulnerabilities in *McAfee.com From: YGN Ethical Hacker Group <lists () yehg net> Date: Mon, 28 Mar 2011 00:02:47 +0800 Vulnerabilities in *McAfee.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Vulnerabilities in *McAfee.com Cal Leeming (Apr 01)
- <Possible follow-ups>
- Re: Vulnerabilities in *McAfee.com MustLive (Apr 06)