Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Unqualified Postings
From: storm () UNIKEY COM BR (Wanderley J. Abreu Jr.)
Date: Tue, 2 Nov 1999 04:02:12 -0200

(...)

Where's the security risk? If the software is rarely
used, if no exploits are widespread, why bother
informing the security community about some buffer
just because it's too small.




Add an exploit if you want to gain popularity -
I personally do not encourage such postings here.

Edi


    I don't know if bugtraq is the right list to put ALL security failures,
or bugs, or whatever... I personally realeased only a few exploits and fixes
to major security problems on widely used softwares.  But, I have few points
about your message:

1.) The list is moderated. I think that the Moderator knows what is best to
his list.

2.) What is the mesurement to a "too small" problem? Most people who sign
this list administrate LANs or even WANs with a vast variety of win95
software with those "small problems". Take for instance the weak encryption
of WS-FTP passwords: Basically, common users, have problems in reminding
passwords, so they use one password for all things they have to
authenticate, should I need to go further? On a WAN this simple thing can
cause a real disaster.

3.) Why should I sign a bunch of security lists when all I need to know
mainly is found in just one?

Cheers,
        Wanderley

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]