-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> > Lastly, let me reiterate. There were no fees.  I don't know where
> > you came up with that assumption.
> 
> I came up with the assumption while looking for the word "free" in
> this statement...
> > > Actually, if you read the patch information, I sent them an
> > > email on the 13th and a second email on the 18th alerting them
> > > of the problem and offering them my services to help rectify
> > > the problem. I received no response.
> 
> So it's not about the money - and you do something else for a
> living.  
> 
> But frankly, if this is a hobby of yours, I think I may be less
> impressed.  

Actually, I do do this for a living. Although, in this instance, my
work had nothing to do with this. I did this one purely on my own
time.
 
> I don't know why you publicized this thing- and I am not so much
> concerned about the posting on this list as what went on elsewhere.
> 
> People have threatened to cause problems with my services in the
> past - mostly blowhards, I think, but you never really know.
> 
> I just don't feel like you did me any favors, Mike - like my
> situation is a little less secure because of all this.

Well, here is the reason I publicized this.  If no one told the public
that there is a problem with Imail's encryption scheme and the
"underground" (I use this term loosely) had known about this, the
underground would now have one more tool to elevate their privileges
on a compromised system.

You are a heck of a lot less secure if the vendor and public know
nothing, but the underground does.  Publicizing problems when the
vendor does nothing to rectify them forces them to do something and
in my opinion betters the users of the vendor's software.

You state:
"People have threatened to cause problems with my services in the
past - mostly blowhards, I think, but you never really know."

All I can say is EXACTLY.  You never know. But think. Would you
rather know there is a problem and get a patch for it or never know
there is a problem and get your system compromised by an attacker who
knows how to exploit the problem?  I believe you would go with the
former.

Mike
eEye Digital Security Team
www.eEye.com

Fingerprint:
AD0F 16F9 0067 7772 EFA9  996F 9AD2 5F16 A6AF EA7C
> Gary Mauer
> 
> [EMAIL PROTECTED]
> 
> Host/Moderator of the Window Cleaning Network
>   - Your People, Product and Information Site -
>        http://www.window-cleaning-net.com/
> 

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOGBvbprSXxamr+p8EQIhEgCfTipb5/7327SvxVcGkDv0PvraHSYAnivy
PBO+nTQJBMR1dD7kQx4GbLEx
=g3Vh
-----END PGP SIGNATURE-----

