Vulnerability Development mailing list archives
Administrivia #2808
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Sun, 24 Oct 1999 10:45:05 -0700
First off, sorry about the delay and the sudden bunch of messages. I lost Internet connectivity for a few days.

Second, I'm going to kill a couple of threads. I'm going to end the "classes" thread. I thought it would be useful information, but a couple of folks have reminded me that it's a bit off topic, and it's not fair for me to change charter on the fly like that.

The other is the "wwwboard" a.k.a. payment for spotting holes thread. I should have realized that the original was way too inflammatory, and asked the author to cut it back to a question about the encryption type. I also should not have allowed the flame fest, my note included. Sorry about that, I'll do better in the future.

As a summary to the wwwboard thread, here's what I gathered:

- It uses standard unix crypt(3) hashing
- It's often not smart to exercise a hole, and then announce yourself (no one has been accused of this, but it was brought up)
- Many companies will be suspicious/afraid/apathetic if you send them a note telling them they have a hole
- Given the previous, good luck asking for payment
- If you want to get paid for this sort of thing, you should have an agreement in place before any holes are reported (and possibly before they are even looked for)

I now return you to the reporting of holes, and writing of exploits.

BB