On Monday 17 January 2005 16:42, Marc Ruef wrote:
> Dear ladies and gentlemen
>
<SNIP description of two potential problems>
> We have not found any information on that issue. So I sent this information
> (nearly the same posting) on 14/12/04 to info_at_novell.com and asked for a
> solution. As I haven't heard _anything_ until 23/12/04 I sent a reminder
> email to the same address. So no reply came back we made this vulnerability
> public finally to force Novell to react on this case. An Attack Tool Kit
> (ATK) plugin that addresses this vulnerability will be published in the
> next days[1].
>
> Regards,
>
> Marc Ruef
>
> [1] http://www.computec.ch/projekte/atk/
It took me less than 10 seconds to find this url
http://support.novell.com/security-alerts/
using the keywords "novell security email address" in Google.
Had you taken the same time to do this, you would have found that
secure_at_novell.com is the place to send this kind of notification.
No doubt you've spent a lot of time doing some good research. Had you spent a
little longer there would probably be a patch by now. Making up 'possible'
email addresses for this kind of mail and then 'forcing' Novell to go public
on an issue that's probably sitting in a spam bucket is a bit of waste of
everyone's time and effort, your own included.
Regards
Peter
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Jan 20 2005
Intro
