Information Security News mailing list archives

Re: Full Disclosure: How Much Security Info Is Too Much?

From: InfoSec News <isn () c4i org>
Date: Fri, 5 Oct 2001 02:51:22 -0500 (CDT)

Forwarded from: Aj Effin Reznor <aj () reznor com>

"InfoSec News was known to say....."

In fact, Marc Maiffret of eEye says that they were scheduled to
post the announcement a week earlier, but Microsoft contacted him
to ask for more time, saying there was a problem with the patch
and they needed another week to fix it.

EEye complied. Jay Dyson correctly noted that Microsoft publicly
thanked the company for waiting until they had prepared the patch.

 
On top of that, it's been established that CR II (and possibly CR I)
had a different enough structure to be considered as having NOT been
made possible by the disclosure of eEye's findings.

-aj.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

Current thread:

Full Disclosure: How Much Security Info Is Too Much? InfoSec News (Oct 02)
- <Possible follow-ups>
- Re: Full Disclosure: How Much Security Info Is Too Much? InfoSec News (Oct 03)
- Re: Full Disclosure: How Much Security Info Is Too Much? InfoSec News (Oct 04)
- Re: Full Disclosure: How Much Security Info Is Too Much? InfoSec News (Oct 05)
- RE: Full Disclosure: How Much Security Info Is Too Much? InfoSec News (Oct 05)