Re: SecNiche : Microsoft Internet Explorer Pop up Blocker Bypassing and Dos Vulner

[security curmudgeon <jericho () attrition org>]

: I wonder why we can't find Aditya K Sood in any of the security list 
: even though he has made so many public disclosures.
: 
: See:-
: 
: http://www.google.com/search?hl=en&q=site%3Asecunia.com+aditya+sood
: 
: http://www.google.com/search?hl=en&q=site%3Aosvdb.org+aditya+sood
: 
: Is it because these lists dislike Aditya or is it because they find the 
: vulnerabilities to be false while verification?
: 
: AFAIK OSVDB has a system of tagging vulnerabilities as Myth/Fake. I 
: wonder why the disclosures published by Aditya are missing in OSVDB. 
: OSVDB should add these vulnerabilities and properly classify them or tag 
: them as fake. Anyone from OSVDB here who can respond?

OSVDB did not begin agressively tracking and cataloging myth/fake 
vulnerabilities until earlier this year. Before that they were added as 
time permitted, and over the years primarily if there was a lot of 
confusion or assumption that a published vulnerability was accurate, when 
it clearly was not.

OSVDB will add legitimate vulnerabilities before myth/fake typically, so 
in some cases they are just at the bottom of the queue.

The lack of results for your search above is also likely due to the lack 
of creditee information associated with many of our entries. This is due 
to the creditee field not being added until last year. In some cases, his 
vulnerabilities (legit or otherwise) may be in the database, just missing 
creditee fields.

Brian
OSVDB.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/