Full Disclosure mailing list archives
Re: The Cult of a Cardinal Number
From: Mark Lowes <hamster () proftpd org>
Date: Wed, 03 Mar 2004 09:36:47 +0000
On Tue, 2004-03-02 at 05:37, Phantasmal Phantasmagoria wrote:
- ---- Final thoughts ---------------- It is difficult, if not impossible, to please every group of the security community when releasing information pertaining to a vulnerability. Some will say that I should of contacted the vendor, some will say I should of kept the bug to myself, some will say I should of released exploit code. I can only offer one account; The Cult of a Cardinal Number has finished. It was found, exploited, and patched. And it has finished.
A cc of this email to security () proftpd org would have been appreciated if you felt the need not to give any prior warning to the team so problematic versions could be removed from the ftp archives and/or patched. Mark Lowes -- Mark Lowes <hamster () proftpd org> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- The Cult of a Cardinal Number Phantasmal Phantasmagoria (Mar 02)
- Authentication flaw in Web Wiz forum Alexander (Mar 02)
- Re: Authentication flaw in Web Wiz forum Bruce Corkhill (Mar 02)
- Re: The Cult of a Cardinal Number Mark Lowes (Mar 03)
- <Possible follow-ups>
- Re: The Cult of a Cardinal Number Phantasmal Phantasmagoria (Mar 04)
- Authentication flaw in Web Wiz forum Alexander (Mar 02)