Re: mIRC Buffer Overflow

[Joseph Pingenot <jap3003 () ksu edu>]

> From Krish Ahya on Sunday, 03 February, 2002:
> I understand this, but thats all the more reason to not release an exploit.
> An advisory only would have better suited the situation, especially when the
> vendor won't fix the problem.

Maybe.  If Vendor doesn't release Patch, IMHO, publicizing the hole
  and then, maybe a while later, releasing the exploit is the proper
  way to go.  Be vocal about it and the reasons for posting it like that,
  and people will migrate to a different (hey, Free Software guarantees
  at least *someone* can make a patch, even if Vendor is too lazy)
  software, since they now know that Vendor does not care about security.

--Joseph

-- 
Joseph======================================================jap3003 () ksu edu
"If you really want to toggle [Internet Explorer] into secure mode, you
  just need to click the little 'X" in the top right corner of the window."
     --User dsb3 on www.slashdot.org.       [Use Mozilla! www.mozilla.org.]