Full Disclosure mailing list archives
Re: Microsoft Cries Wolf ( again )
From: ATD <simon () snosoft com>
Date: 01 Jul 2003 12:10:54 -0400
Amen On Tue, 2003-07-01 at 07:37, KF wrote:
The solution to this problem lies in the hands of the vendors, *not* in the hands of the researchers.*This is no lie... after a while one (researchers) simply gets tired of bending over backwards to get the vendor to listen. You get to a point where you simply don't care sometimes...* vendors are frustrating... they first act like they can't talk to you unless you are paying for support... then the don't understand what it is you are trying to say... then they claim that oh thats not a business critical issue we are gonna sit on our rump for 6 months and then maybe we will fix it.... IF you even make it to that point... For examle I am waiting on a certain 3 letter company to get back to me on a local root exploit... I used their web based email form which claims a 24 hour response time... its now 5 days later and no response... that failed so I start the usual blind emails to security@ support@ somebodyfirggenhelpme@ and no one responds... so then I call their phone and go through every friggin option in their PBX system.. still can't find someone to help out... "... security staff... what do you mean... I have never had someone ask something like that" me: you know... like I have a security issue with your product... you need to fix it... "thats interesting... I'll have to see what I can find... we never get calls like this" me: *sigh* I have done my due dilligence... here in about 1 day the problem is 100% theirs... I will give the public the old chomd -s reccomendation and be done with it... Someone in the .gov get us a vendor responsibility bill or something... -KF _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: Microsoft Cries Wolf ( again ) Peter van den Heuvel (Jul 01)
- <Possible follow-ups>
- Re: Microsoft Cries Wolf ( again ) Thilo Schulz (Jul 01)
- Re: Microsoft Cries Wolf ( again ) Andrew Griffiths (Jul 01)
- Re: Microsoft Cries Wolf ( again ) Georgi Guninski (Jul 01)
- RE: Microsoft Cries Wolf ( again ) Schmehl, Paul L (Jul 01)
- Re: Microsoft Cries Wolf ( again ) KF (Jul 01)
- Re: Microsoft Cries Wolf ( again ) ATD (Jul 01)
- Re: Microsoft Cries Wolf ( again ) madsaxon (Jul 01)
- RE: Microsoft Cries Wolf ( again ) Richard M. Smith (Jul 01)
- RE: Microsoft Cries Wolf ( again ) Mike Fratto (Jul 01)
- RE: Microsoft Cries Wolf ( again ) Cesar (Jul 01)
- Re: Microsoft Cries Wolf ( again ) Brett Hutley (Jul 02)
- Re: Microsoft Cries Wolf ( again ) KF (Jul 01)
- Re: Microsoft Cries Wolf ( again ) Peter van den Heuvel (Jul 01)
- Re: Microsoft Cries Wolf ( again ) mattmurphy () kc rr com (Jul 01)
- Re: Microsoft Cries Wolf ( again ) Ron DuFresne (Jul 01)
- Re: Microsoft Cries Wolf ( again ) KF (Jul 01)
- Re: Microsoft Cries Wolf ( again ) Ron DuFresne (Jul 01)
- Re: Microsoft Cries Wolf ( again ) dhtml (Jul 01)