RE: Multiple Backdoors found in eEye Products (IRISand SecureIIS)

[Barrie Dempster <barrie () reboot-robot net>]

I'd have to agree with the eEye statement on this one. You sent out an
advisory without disclosing the details, which offers no real benefit to
anyone. Many people consider this responsible disclosure but that also
requires you to notify the vendor (there were no @eeye.com's in your
"to" list but there were a couple of press mailboxes).

You didn't contact eEye, you didn't release details, you used an
anonymous address and failed to mention or credit any of the other guys
in your "testing team", This can only lead us to believe that the
advisory is fake and only intended to generate bad press for eEye. I
personally don't care about eEye's PR rating but I do care about the
level of noise on these lists and I do care about backdoor-ed commercial
products that are in common use. You may have an issue with eEye and see
this as revenge. However, I doubt you also have an issue with the many
admins who probably have spent their holiday season investigating these
claims, when there are likely more pressing matters to address, such as
a large stock of alcohol.

Show us details, or be quiet. If you intended to embarrass eEye the plan
backfired as any competent professional on this list (there are a few -
I've heard stories about them) would see this as a shameful attempt and
would be laughing at you, not eEye.

Seasons greetings to eEye and all Full Disclosure subscribers - even you
"Lance Gusto".

With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html