mailing list archives
From: Georgi Guninski <guninski () GUNINSKI COM>
Date: Wed, 29 Nov 2000 18:52:08 +0200
hellnbak () HUSHMAIL COM wrote:
Thanks for your reply Georgi.
develop a fix. I remember a post a while back from you that said, "Why
should I help the vendor". My question to you is, why not help the vendor?
You said yourself, that they have to get their acts together why not assist
in that process like the rest of us are?
I don't remember writing anywhere "Why should I help the vendor" - could
you give an URL where it is written - it very easy writing "lame shit"
as you define it anonymously.
In fact I am helping both vendors and users. I do free research for
vendors and I give workarounds (which sometimes are better than patches
that open other vulnerabilities).
I have given all vendors enough time to warn their client about a
workaround until a patch is available.
Do you find it normal a vulnerability to exist for 4 months and the
vendor not to warn their customers there is a vulnerability which is
stopped by a simple workaround?
I have reported vulnerabilities and go public without a patch about
Microsoft, IBM, Netscape and SUN. Only one of them complained about not
having enough time to fix the vulnerabilities - some of the other
vendors gave me awards despite the fact I went public without a patch.