I don't know how your club works. Do you report to MS as well or just within your club that you charge people to be part of? Has MS responded to you if you did report it? What was their response that makes WINS a classic example?
joe -----Original Message----- From: Dave Aitel [mailto:[EMAIL PROTECTED] Sent: Monday, November 15, 2004 3:38 PM To: joe Cc: 'Michal Zalewski'; 'Berend-Jan Wever'; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] MSIE src&name property disclosure That's a good question for your Microsoft sales rep. If you want technical details, Immunity has a working and reliable Wins exploit in the Vulnerability Sharing Club version of CANVAS. I think there's an interesting difference between how the Linux community handled the recent kernel bugs, and how Microsoft and other commercial vendors handle all bugs. Dave Aitel Immunity, Inc. joe wrote: >How is it an example? > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Dave Aitel >Sent: Monday, November 08, 2004 9:49 AM >To: Michal Zalewski >Cc: Berend-Jan Wever; [EMAIL PROTECTED]; >[EMAIL PROTECTED] >Subject: Re: [Full-Disclosure] MSIE src&name property disclosure > ><SNIP> >WINS is a classic example. ><SNIP> > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
