What else could be wrong?
Len
Can we take the discussion off list now??? I'd rather not "hear" the
bickering any longer
Thanks
Anthony
----- Original Message -----
From: "Gary Mauer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 22, 1999 2:32 AM
Subject: RE: [IMail Forum] [w00giving '99 #11] IMail's passwordencryption
scheme
> > All I can say is EXACTLY. You never know. But think. Would you
> > rather know there is a problem and get a patch for it or never know
> > their is a problem and get your system compromised by an attacker who
> > knows how to exploit the problem? I belive you would go with the
> > former.
>
> And all I can say is I'd rather the halfassed attacker didn't find out
about
> something like this the easy way - and I'd rather have Mike XXX work
harder
> to minimize the chance of that happening.
>
> Gary Mauer
>
> [EMAIL PROTECTED]
>
> Host/Moderator of the Window Cleaning Network
> - Your People, Product and Information Site -
> http://www.window-cleaning-net.com/
>
> Email Groups - 980 Networking Links
> 8 Bulletin Board and 21 Trade Show Links
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Mike
> > Sent: Wednesday, December 22, 1999 12:28 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [IMail Forum] [w00giving '99 #11] IMail's
> > passwordencryption scheme
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > > > Lastly, let me reiterate. There were no fees. I don't know where
> > > > you came up with that assumption.
> > >
> > > I came up with the assumption while looking for the word "free" in
> > > this statement...
> > > > > Actually, If you read the patch information, I sent them an
> > > > > email on the 13th and a second email on the 18th alerting them
> > > > > of the problem and offering them my services to help rectify
> > > > > the
> > > > > problem. I received no response.
> > >
> > > So it's not about the money - and you do something else for a
> > > living.
> > >
> > > But frankly, if this is a hobby of yours, I think I may be less
> > > impressed.
> >
> > Actually, I do do this for a living. Although, in this instance, my
> > work had nothing to do with this. I did this one purely on my own
> > time.
> >
> > > I don't know why you publicized this thing- and I am not so much
> > > concerned about the posting on this list as what went on elsewhere.
> > >
> > > People have threatened to cause problems with my services in the
> > > past - mostly blowhards, I think, but you never really know.
> > >
> > > I just don't feel like you did me any favors, Mike - like my
> > > situation is a little less secure because of all this.
> >
> > Well here is the reason I publicized this. If no one told the public
> > that there is a problem with Imail's encryption scheme and the
> > "underground"(I use this term loosely) had known about this, the
> > underground would now have one more tool to elevate their privliges
> > on a comprimised system.
> >
> > You are a heck of a lot less secure if the vendor and public no
> > nothing, but the underground does. Publicizing problems when the
> > vendor does nothing to rectify them forces them to do something and
> > in my opinion betters the users of the vendor's software.
> >
> > You state:
> > " People have threatened to cause problems with my services in the
> > past -
> > mostly blowhards, I think, but you never really know. "
> >
> > All I can say is EXACTLY. You never know. But think. Would you
> > rather know there is a problem and get a patch for it or never know
> > their is a problem and get your system compromised by an attacker who
> > knows how to exploit the problem? I belive you would go with the
> > former.
> >
> > Mike
> > eEye Digital Security Team
> > www.eEye.com
> >
> > Fingerprint:
> > AD0F 16F9 0067 7772 EFA9 996F 9AD2 5F16 A6AF EA7C
> > > Gary Mauer
> > >
> > > [EMAIL PROTECTED]
> > >
> > > Host/Moderator of the Window Cleaning Network
> > > - Your People, Product and Information Site -
> > > http://www.window-cleaning-net.com/
> > >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
> >
> > iQA/AwUBOGBvbprSXxamr+p8EQIhEgCfTipb5/7327SvxVcGkDv0PvraHSYAnivy
> > PBO+nTQJBMR1dD7kQx4GbLEx
> > =g3Vh
> > -----END PGP SIGNATURE-----
> >
> >
> > Please visit http://www.ipswitch.com/support/mailing-lists.html
> > to be removed from this list.
> >
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
