Full Disclosure mailing list archives

Re: menalto gallery: Session hijacking vulnerability, CVE-2008-3662
From: Hanno Böck <hanno () hboeck de>
Date: Sat, 20 Sep 2008 09:34:57 +0200

On Thursday, 18 September 2008, Valdis.Kletnieks () vt edu wrote:
> Now if the next 47 things they find are *also* in lame products that nobody
> uses, then you'd have a point...

IMHO there's nothing wrong with publishing tons of vulns in "lame products"
(whatever that should mean), why shouldn't less important apps also become
more secure?

> (A quick google shows that Hanno recently scored a CVE against clamav,
> which certainly isn't a lame unused package. Might want to reconsider that
> "lame fuck" label...)

And while the gallery team even paid me a bounty for a "lame issue", clamav
didn't even bother to give me credits.

Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    hanno () hboeck de

Attachment: signature.asc
Description: This is a digitally signed message part.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
