Vulnerability Development mailing list archives
Re: mIRC Buffer Overflow
From: Joseph Pingenot <jap3003 () ksu edu>
Date: Sun, 3 Feb 2002 20:06:48 -0600
From Krish Ahya on Sunday, 03 February, 2002: I understand this, but thats all the more reason to not release an exploit. An advisory only would have better suited the situation, especially when the vendor won't fix the problem.
Maybe. If Vendor doesn't release Patch, IMHO, publicizing the hole and then, maybe a while later, releasing the exploit is the proper way to go. Be vocal about it and the reasons for posting it like that, and people will migrate to a different (hey, Free Software guarantees at least *someone* can make a patch, even if Vendor is too lazy) software, since they now know that Vendor does not care about security. --Joseph -- Joseph======================================================jap3003 () ksu edu "If you really want to toggle [Internet Explorer] into secure mode, you just need to click the little 'X" in the top right corner of the window." --User dsb3 on www.slashdot.org. [Use Mozilla! www.mozilla.org.]
Current thread:
- mIRC Buffer Overflow David Dorgan (Feb 03)
- Re: mIRC Buffer Overflow Syzop (Feb 03)
- Re: mIRC Buffer Overflow Krish Ahya (Feb 03)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- Re: mIRC Buffer Overflow Krish Ahya (Feb 03)
- Re: mIRC Buffer Overflow Joseph Pingenot (Feb 03)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- Re: mIRC Buffer Overflow sould3mon (Feb 04)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- <Possible follow-ups>
- Re: mIRC Buffer Overflow eSDee (Feb 05)
- Re: mIRC Buffer Overflow Hybrid (Feb 05)