Hi list,
Hrmm. Ok I'm no Sherlock Holmes but even I could see through this
'analysis'. This is obviously an elaborate attempt to soil the reputations of the fine
people, dare I say heros of information
security, at GOBBLES security.
Let's examine the case at hand:
1) Someone makes the effort
Hi Paul,
Again, what is it about your personality that makes you incapable
of taking part in an adult discussion of responsible disclosure
issues? Is it that anyone who has a different opinion than yours
is automatically not worth your time? That sounds kind of nazi-like
to me mr. Schmehl.
It's
Hi Paul,
I'm glad to see you are capable of a sensible response. I see
your points and it's nothing I haven't heard before. The thing
is, your arguments don't really hold any ground in this particular
event.
I've said all along that this issue has been publicly recognised
as being a security
Hi Jason,
First of all, thanks for taking the time to write a well thought
out response to my views and my statements.
Now let's get to it.
That having been said, your conclusions are wrong. In part this
is caused by a simple slip of logic and perhaps a flawed
understanding of statistics.
Hi Paul,
Admins and management base decisions on those differences. Now
let's look at the case at hand, which you characterize as
devastating.
Yes, lets.
Note the words may..cause a denial-of-service condition and
may.execute arbitrary code. It is those vagaries that folks
who
Hi Attica,
That's a fine example of the whitehat leech mentality you're
displaying there. Why do you insist on being so dependent on
other people's findings? You're supposed to be some sort of
security expert no? Well here's an idea, how about you go
research the bug yourself and base any
Hi Attica,
Let me break it down some more for you:
1) You rely on other people to give you the information
needed to exploit the bug.
2) You've clearly stated that you are incapable of determining
possible exploitation yourself.
3) You acknowledge that the bug has already been publicly
Hi Paul,
So there's the 1% l33ts like you, and then there's the 99% of the
human populace that has other things to do besides squirrel
around with code. I get it.
How does my squirreling around with code all day bare relevance
to the points I put forward? If anything you as an admin should
Hi Henry,
I have to agree with Josh on this one. Basically you admit
to not having any first-hand experience with the real
underground. This shows from your comments.
There are alot of lowkey collaborations of people who
research and exploit vulnerabilities for the pure joy
of solving the