Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: To anybody who's offended by my disclosure policy
From: kf_lists <kf_lists () secnetops com>
Date: Sat, 27 Nov 2004 01:16:29 -0500

Gadi Evron wrote:

He is not a messenger, he is the executioner.

Nah... its more like Microsoft is one of the executioners... they lead all the sheep to slaughter every time they release a new piece of software. Skylined just reminded you of where they are taking you.

How? How is he doing me a favor and why don't I have a problem with other people who release vulnerabilities? You don't need a sixth sense to guess that.

Hrmm... stop using their crappy products. Bitch at support staff / general managers QA team members. Hrmm go get a friggin petition signed, Boycott them. I don't really care how you hold them accountable just stop bending over, spelling RUN out loud and then bitching at Skylined when you get screwed.

Hes doing you a favor because like half of the other folks on this list you were originally led to believe that this <insert bug name here> was nothing to worry about. He did you a favor because now while your vendor is claiming they knew nothing about it and doing the standard PR BS your AV vendor now has signatures and your IDS install can let you know you just got owned. He is the person that showed you that this nonexistant threat in reality was a threat. Maybe I am missing something.

You don't have a problem with other researchers because some of them are sheep of the same herd you flock in. Perhaps its because you sat in the dark vulnerable for months on end and had no clue that you had the potential of getting owned. You just got a little more comfort because you were notified that a patch was available at the same time you found out your browser was just a big pile. In reality you were a sitting duck like alot of other folks.

Just because a bug is not public or just because the vendor does not know about it certainly does not imply that someone else has not already found it and began exploiting it. Wake up and smell the napalm.


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]