Vulnerability Development mailing list archives
Re: mIRC Buffer Overflow
From: Blue Boar <BlueBoar () thievco com>
Date: Sun, 03 Feb 2002 20:46:48 -0800
Joseph Pingenot wrote:
Maybe. If Vendor doesn't release Patch, IMHO, publicizing the hole and then, maybe a while later, releasing the exploit is the proper way to go. Be vocal about it and the reasons for posting it like that, and people will migrate to a different (hey, Free Software guarantees at least *someone* can make a patch, even if Vendor is too lazy) software, since they now know that Vendor does not care about security.
Which sums things up nicely. (I don't want to start Yet Another Full Disclosure Discussion.) Policy of this list (and most lists that post vulnerability information) is to allow the poster to determine when information goes out. My only exception is for individual sites (i.e. Microsoft has a SQL injection hole at this site...) vs. a product. I may on occasion encourage a poster to do different, but it is their decision. BB
Current thread:
- mIRC Buffer Overflow David Dorgan (Feb 03)
- Re: mIRC Buffer Overflow Syzop (Feb 03)
- Re: mIRC Buffer Overflow Krish Ahya (Feb 03)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- Re: mIRC Buffer Overflow Krish Ahya (Feb 03)
- Re: mIRC Buffer Overflow Joseph Pingenot (Feb 03)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- Re: mIRC Buffer Overflow sould3mon (Feb 04)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- <Possible follow-ups>
- Re: mIRC Buffer Overflow eSDee (Feb 05)
- Re: mIRC Buffer Overflow Hybrid (Feb 05)