Re: Unqualified Postings

[storm () UNIKEY COM BR (Wanderley J. Abreu Jr.)]

(...)
> Where's the security risk? If the software is rarely
> used, if no exploits are widespread, why bother
> informing the security community about some buffer
> just because it's too small.

> Add an exploit if you want to gain popularity -
> I personally do not encourage such postings here.
>
> Edi

    I don't know if bugtraq is the right list to put ALL security failures,
or bugs, or whatever... I personally realeased only a few exploits and fixes
to major security problems on widely used softwares.  But, I have few points
about your message:

1.) The list is moderated. I think that the Moderator knows what is best to
his list.

2.) What is the mesurement to a "too small" problem? Most people who sign
this list administrate LANs or even WANs with a vast variety of win95
software with those "small problems". Take for instance the weak encryption
of WS-FTP passwords: Basically, common users, have problems in reminding
passwords, so they use one password for all things they have to
authenticate, should I need to go further? On a WAN this simple thing can
cause a real disaster.

3.) Why should I sign a bunch of security lists when all I need to know
mainly is found in just one?

Cheers,
        Wanderley