Robert, Thanks for 'clearing' the smoke.
~Rick

Rick Leske
IT Manager NSE FamHost
800-658-1676

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Robert S. Stull
Sent: Tuesday, July 30, 2002 10:56 AM - MGMT.TV
To: [EMAIL PROTECTED]
Subject: Web Messaging Hack (was: RE: [IMail Forum] )

There was no report to Ipswitch. We take these reports seriously and have spent a couple of days reproducing and fixing the problem. I won't say more, other than what you see up at bugtraq is not "...exactly what happened..."

The fix will be out this afternoon or tomorrow morning.

Bob

--
Robert S. Stull
Product Management
Ipswitch, Inc.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Don Weber
> Sent: Tuesday, July 30, 2002 11.36
> To: [EMAIL PROTECTED]
> Subject: RE: [IMail Forum]
>
>
> Scott, I recall the original bugtraq post, and my understanding was that it
> was a full disclosure type of statement, as I understood it, he was
> explaining the problem, and sent source code to reproduce the problem, yes
> he sent a patch, but I didn't really feel that he was trying to get people to
> run that, I think he was being quite outright in giving the source code he
> used to create the patch, so that anyone could see that by viewing the
> source and compiling from the source, they get the same program, in which I
> have yet to see any evidence of that source or program containing a trojan,
> maybe I just read it differently, but the last I saw on bugtraq was Ipswitch
> saying basically that there is no problem. This is what got my attention.
>
> Personally I am about in the middle of full disclosure practices, I agree
> that informing the company to an extent is and should be attempted, but for
> some reason I think this guy was just looked over, I mean you can see, he
> reported a problem, and was told he was a hacker trying to get people to run a
> trojan, do you think it might be possible that he may have informed
> Ipswitch, say, 2 weeks ago, and already got a response from them saying
> there was no problem, and therefore he posted to bugtraq, from what I see
> first hand in this matter is that, he reported an exploit and was told by
> the company that there is no problem. Which leads me to believe that he would
> have got the same response had he followed standard procedure. Look at
> bugtraq yourself, this is exactly what happened.
>
> Don
