Re: [bugtraq] Novell GroupWise WebAccess error modules loading

[Pete Connolly <pete.connolly () btinternet com>]

On Monday 17 January 2005 16:42, Marc Ruef wrote:
> Dear ladies and gentlemen

<SNIP description of two potential problems>

> We have not found any information on that issue. So I sent this information
> (nearly the same posting) on 14/12/04 to info () novell com and asked for a
> solution. As I haven't heard _anything_ until 23/12/04 I sent a reminder
> email to the same address. So no reply came back we made this vulnerability
> public finally to force Novell to react on this case. An Attack Tool Kit
> (ATK) plugin that addresses this vulnerability will be published in the
> next days[1].
>
> Regards,
>
> Marc Ruef
>
> [1] http://www.computec.ch/projekte/atk/

It took me less than 10 seconds to find this url

http://support.novell.com/security-alerts/

using the keywords "novell security email address" in Google.

Had you taken the same time to do this, you would have found that 
secure () novell com is the place to send this kind of notification.

No doubt you've spent a lot of time doing some good research. Had you spent a 
little longer there would probably be a patch by now.  Making up 'possible' 
email addresses for this kind of mail and then 'forcing' Novell to go public 
on an issue that's probably sitting in a spam bucket is a bit of waste of 
everyone's time and effort, your own included.

Regards

Peter
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html