And I'm sure glad you took the time to notice! -- Michael D. Wood ITSecurityPros.org www.itsecuritypros.org
----- Reply message ----- From: "Benji" <[email protected]> To: "Michael D. Wood" <[email protected]> Cc: "JxT" <[email protected]>, "Zach C." <[email protected]>, <[email protected]> Subject: [Full-disclosure] Splunk Vulnerability Date: Thu, Sep 6, 2012 4:53 am well Im glad we got multiple emails saying you all agree,. On Thu, Sep 6, 2012 at 8:50 AM, Michael D. Wood <[email protected]> wrote: > I agree. Splunk *IS* doing what it was designed to do. > > > > -- > > Michael D. Wood > > ITSecurityPros.org > > www.itsecuritypros.org > > > > From: JxT [mailto:[email protected]] > Sent: Thursday, September 06, 2012 2:19 AM > To: Zach C. > Cc: Michael D. Wood; [email protected] > Subject: Re: [Full-disclosure] Splunk Vulnerability > > > > On Wed, Sep 5, 2012 at 11:30 PM, Zach C. <[email protected]> wrote: > > 1.) The tool, Splunk, is designed to index logs > 2.) Logs are arbitrary files. > Therefore, > 3.) Splunk is designed to index arbitrary files. > > > > Agreed, Splunk is doing exactly what it's designed to do. This is not a > vulnerability within Splunk itself. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
