Home page logo
/

isn logo Information Security News mailing list archives

RE: Full Disclosure: How Much Security Info Is Too Much?
From: InfoSec News <isn () c4i org>
Date: Fri, 5 Oct 2001 02:51:46 -0500 (CDT)

Forwarded from: Marc Maiffret <marc () eeye com>

Ya Lyman is a good guy just screwed the facts a bit. I been meaning to
email him to let him know that...

I still hate the canned phrase "came under fire" since we never really
did come under fire for anything. Unless coming under fire means two
ignorant people rambled their mouths about a topic they had no
understanding of. :-]

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities


| -----Original Message-----
| From: owner-isn () attrition org [mailto:owner-isn () attrition org]On Behalf
| Of InfoSec News
| Sent: Thursday, October 04, 2001 1:05 AM
| To: isn () attrition org
| Subject: Re: [ISN] Full Disclosure: How Much Security Info Is Too Much?
|
|
| Forwarded from: Kim Zetter/PCWORLD <kzetter () pcworld com>
|
| Per Jay Lyman's story about full disclosure at NewsFactor Network
| (http://www.newsfactor.com/perl/story/13871.html), he wrote:
|
| > Experts agree that advisories, by their very nature, may be a heads-up
| > to hackers. eEye Security came under fire for disclosing the Code Red
| > vulnerability in June before Microsoft had released a patch for the
| > hole, and again for releasing detailed information after Code Red was
| > controlled, which some blamed for the success of the Code Red II virus.
|
| I'm not sure where Lyman got his info but, according to eEye (and per
| the story I wrote about it at
| http://www.pcworld.com/news/article/0,aid,60744,00.asp )
|
| the company notified Microsoft of the vulnerability in May and waited
| a month for the patch to be produced before making their announcement
| simultaneously with Microsoft's posting of the patch in June.
|
| In fact, Marc Maiffret of eEye says that they were scheduled to post
| the announcement a week earlier, but Microsoft contacted him to ask
| for more time, saying there was a problem with the patch and they
| needed another week to fix it.
|
| EEye complied. Jay Dyson correctly noted that Microsoft publicly
| thanked the company for waiting until they had prepared the patch.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault