Re: [Full-disclosure] To disclose or not to disclose

2008-09-28 Thread Tonnerre Lombard
Salut, Simon, On Fri, 26 Sep 2008 23:39:34 -0400, Simon Smith wrote: > 1-) Create a formal advisory, contact the vendor and notify them of > the intent to release the advisory in a period of "n" days? If the > vendor refuses to fix the issue does the security company still > release the advisory i

Re: [Full-disclosure] [inbox] Re: Supporters urge halt to hacker's, extradition to US

2008-09-28 Thread rholgstad
thanks for this amazing insight. you must be a 5 time cissp James Matthews wrote: > When you break into a system using an exploit there is a chance that > the shellcode will crash the system. > > On Sun, Sep 28, 2008 at 11:03 AM, Exibar <[EMAIL PROTECTED] > > wrote: > >

Re: [Full-disclosure] [inbox] Re: Supporters urge halt to hacker's, extradition to US

2008-09-28 Thread James Matthews
7 :p On Sun, Sep 28, 2008 at 10:15 PM, rholgstad <[EMAIL PROTECTED]> wrote: > thanks for this amazing insight. you must be a 5 time cissp > > James Matthews wrote: > >> When you break into a system using an exploit there is a chance that the >> shellcode will crash the system. >> >> On Sun, Sep 2

Re: [Full-disclosure] [inbox] Re: Supporters urge halt to hacker's, extradition to US

2008-09-28 Thread James Matthews
When you break into a system using an exploit there is a chance that the shellcode will crash the system. On Sun, Sep 28, 2008 at 11:03 AM, Exibar <[EMAIL PROTECTED]> wrote: > McKinnon did cause damage: > > "The charges include one incident - shortly after the attacks on September > 11 2001 - wh

Re: [Full-disclosure] Cyber attacks in alphabetical order? Estonia, Georgia analysis

2008-09-28 Thread Simon Smith
omigawd gadi! n3td3v wrote: > I've noticed these cyber attacks are in alphabetical order, E, G. > Also, if you turn E, G around you get the initials of Gadi Evron. ;) > > All the best, > > n3td3v

[Full-disclosure] Cyber attacks in alphabetical order? Estonia, Georgia analysis

2008-09-28 Thread n3td3v
I've noticed these cyber attacks are in alphabetical order, E, G. Also, if you turn E, G around you get the initials of Gadi Evron. ;) All the best, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charte

Re: [Full-disclosure] [inbox] Comments on: Browser patches yearn to be free

2008-09-28 Thread n3td3v
On Sat, Sep 27, 2008 at 10:48 PM, Razi Shaban <[EMAIL PROTECTED]> wrote: > On Sun, Sep 28, 2008 at 1:39 AM, Exibar <[EMAIL PROTECTED]> wrote: >> holy crap... I never thought I'd see the day >> N3td3v actually put together a thought that is clear, concise, to the point, >> >> and that I'll bet

Re: [Full-disclosure] To disclose or not to disclose

2008-09-28 Thread Elazar Broad
Simon, If the issue really involves critical infrastructure you can expect (to an extent) many government and quasi-government organizations to step in and pressure the vendor to fix the issue before you go public. A real-world example. At a recent co

Re: [Full-disclosure] To disclose or not to disclose

2008-09-28 Thread M . B . Jr .
Hello Simon, On 9/27/08, Simon Smith <[EMAIL PROTECTED]> wrote: > What should the security company do? There is not a drive-thru, general answer for such. It depends on the guidelines and "philosophies" each company established for itself to follow, previously. And more important, it depends on

Re: [Full-disclosure] [inbox] Re: Supporters urge halt to hacker's, extradition to US

2008-09-28 Thread Exibar
McKinnon did cause damage: "The charges include one incident - shortly after the attacks on September 11 2001 - which brought down a network of 300 computers at the Earle naval weapons station. Another raid apparently left 2,000 government machines in Washington inoperable." http://www.guardian.c

Re: [Full-disclosure] Supporters urge halt to hacker's, extradition to US

2008-09-28 Thread Kyrian
[EMAIL PROTECTED] wrote: >> "American officials involved in this case have stated that they want >> to see him 'fry'."-- BBC. >> [IANAL, correct me if I'm wrong, etc, but...] Yes, that's a large part of the problem. That courts *can* be bought (usually indirectly via already-bought official

Re: [Full-disclosure] To disclose or not to disclose

2008-09-28 Thread Pavel Kankovsky
On Fri, 26 Sep 2008, Simon Smith wrote: > What should the security company do? Make a list of users of the vulnerable technology, sell a pentest of that technology to as many of them as possible and reuse your knowledge of the vulnerability to make a lot of money with little effort. -- Pa