On Tue, 11 Mar 2003, Alan W. Rateliff, II wrote: > What really irks me is that we shouldn't have to ask this question. I don't > know what the order of events are, but it seems to me that this > vulnerability was made public with a POC exploit before Qualcomm was given > time to inform us and supply a patch.
It gets worse than that. The USA's vaterland^H^H^H^H^H^H^H^H^homeland security laws have made it almost impossible for people to get disclosure on this stuff before the announcements are done. A select few know about it and if they breathe a word about it, they may find themselves up on terrorism support charges. It is entirely possible that Qualcomm knew about it for months and have been unable to reveal it. Time to move those disclosure lists off to a slightly saner country, folks... AB
