I for one appreciate the heads-up, not everyone considers people on this list to be
script kiddies!!
We are all developers here and we don't need Mr. Watts to babysit us.
On the topic of script kiddies, there is another side to that: there is the annoying
older internet worker who looks at everything like a lawyer and puts disclaimers on
everything and wants to protect us from ourselves. Gimme the script kiddies any day,
script kiddies grow up to be internet workers and innovators, annoying legally minded
(old) programmers are just plain dull.


> ** Original Subject: Re: The +.htr bug strikes again
> ** Original Sender: "Kevin Schmidt" <[EMAIL PROTECTED]>
> ** Original Date: Fri, 22 Dec 2000 14:21:39 -0500

> ** Original Message follows... 

>
> Ok.  I can see that my piece of information, that I intended to be totally
> harmless, has caused quite a stir.  From now on I will keep my mouth shut.
> The only reason I let people on the list know is because the site uses CF
> and there had been a lot of discussion on the topic over the past few days.
> Several people didn't even know the bug existed.
> I told the sites administrators about the problem and I don't know if they
> have fixed it yet or not.  Maybe they don't care or maybe they do. There
> have been other sites mentioned in this thread that have the same problem.
> People disclosed the information to warn consumers of the problem and to
> choose someone else to provide the service that the said company provided
> because the company hadn't fixed the issue.  Some people on the list don't
> think mentioning these types of issues is a problem, others do.  I am
> stepping off my soapbox now.  If anyone has questions about the +.htr issue
> I'll be happy to entertain them.  There have also been numerous posts with
> URLs to the patch posted to the list.
> 
> Happy Holidays
> 
> Kevin Schmidt, Web Technology Manager
> Allaire Certified Cold Fusion Developer
> pwb inc.
> integrated marketing communications
> 350 S. Main St., Suite 350
> Ann Arbor, MI 48104
> 734.995.5000 (tel)
> 734.995.5002 (fax)
> www.pwb.com
> 
> 
> ----- Original Message -----
> From: "Dave Watts" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Friday, December 22, 2000 12:04 PM
> Subject: RE: The +.htr bug strikes again
> 
> 
> > > There are two sides to this issue. 1. Releasing bug/vulnerability
> > > information to the public will release hordes of script
> > > kiddies to cause havoc and dismay instantaneously without
> > > recourse. 2. Releasing bug/vulnerability information will cause
> > > industry leaders like Microsoft and respectively Allaire to
> > > act on the information sooner than later.
> > >
> > > I can see both sides of the fence but would lean to alerting
> > > the public to the problem. Security by obscurity is not a good
> > > policy to live by.
> >
> > While I agree with this as far as product vendors are concerned, that's not
> > what's going on here. It's one thing to release general information about
> > vulnerabilities in MS products to the public (although even within the
> > security community, there's quite a bit of debate over whether and how this
> > should be done - should the vendor be notified privately first, how long
> > between vendor notification and public release, etc.). It's another thing to
> > release specific information about who hasn't patched their installations of
> > vendor products, which is what's going on here - "so-and-so is vulnerable to
> > the .htr bug". This doesn't have any place within either side of the issue
> > that you're talking about, and is pretty irresponsible in my opinion.
> >
> > Dave Watts, CTO, Fig Leaf Software
> > http://www.figleaf.com/
> > voice: (202) 797-5496
> > fax: (202) 797-5444
> >
> >
>

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/