Security Basics mailing list archives
Re: [Dailydave] Hyenas of the Security Industry
From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Mon, 21 Jun 2010 22:09:25 +0200
On 2010-06-18 andrew.wallace wrote:
In reply to http://lists.immunitysec.com/pipermail/dailydave//2010-June/006130.html What he done was cyber terrorism, the same as all the other researchers have been doing for a long time... inciting cyber attacks through a disclosure release, to force a vendor to change policy by pressure of cyber attacks created by the disclosure. It's expected researchers will stick up for other researchers and not believe they are doing anything wrong and believe their actions improve security, they don't.
So, basically you're saying that security is actually improved by vendors not patching severe vulnerabilities for years? Well, here's news for you: as long as vendors refuse to fix their screw-ups in a timely fashion (just in case you didn't notice: people paid them good money for their not-so-good-after-all software), I consider it quite acceptable for every unpatched vulnerability to explode right into their faces. It's the vendors who create the problem in the first place, not the messenger reporting the problem. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- [Dailydave] Hyenas of the Security Industry andrew.wallace (Jun 21)
- Re: [Dailydave] Hyenas of the Security Industry Ansgar Wiechers (Jun 23)
- Re: [Dailydave] Hyenas of the Security Industry Matthew Lye (Jun 23)