[224] in bugtraq
Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994
daemon@ATHENA.MIT.EDU (Alan Hannan)
Mon Nov 28 11:58:14 1994
From: alan@mid.net (Alan Hannan)
To: david@irc.umbc.edu (Dave Brookshire)
Date: Mon, 28 Nov 1994 07:48:47 -0600 (CST)
Cc: 8lgm@bagpuss.demon.co.uk, bugtraq@fc.net
In-Reply-To: <Pine.SGI.3.90.941127235027.7257B-100000@manray.irc.umbc.edu> from "Dave Brookshire" at Nov 27, 94 11:55:39 pm
> > REPEAT BY:
> >
> > Exploit details will not be made available, until a patch is
> > provided.
>
> [ ..deleted.. ]
>
> Why this change in heart? You've always gone with full disclosure in the
> past. Did all of the complaints finally get to you guys? I'm not
> complaining, you've done lots of good in the past, IMHO, and am just a
> bit surprised by this.
>
> I think that the biggest pro of full disclosure, is that it get's people
> off their butts and gets a good solution or patch that much faster.
>
> Dave
> --david@umbc.edu
>
Again, I echo Dave's remarks. If you think that any cracker with half a
brain doesn't know how to exploit it, then you're quite silly. If you think
that most sysadmins (with no time on their hands, and screaming users who wanna
know why their file can be un-rm-ed) do know how to exploit it (and prevent it)
then you're sillier than bozo the clown.
Not to be harsh, but the flow of information is still there, only now it
goes only to those who use it poorly. Knowledge is power, and right now, all
of these are known by a certain segment, and not known by another... Which
segment do you think needs to know more?
--
+ alan@mid.net Network Operations Center (402)/472-0242, Fax (402)/472-0240 +
+ + + + + + + + + + + + + + + + + + + ++ + + + + + + + + + + + + + + + + + + + +
+============\\ "Those who are willing to give up some liberty for some +
+MIDnet, Inc. \\______ security lose both and deserve neither." - B. Franklin +
