[102410] in North American Network Operators' Group
Re: IBM report reviews Internet crime
daemon@ATHENA.MIT.EDU (Florian Weimer)
Tue Feb 12 14:48:58 2008
From: Florian Weimer <fw@deneb.enyo.de>
To: Owen DeLong <owen@delong.com>
Cc: <michael.dillon@bt.com>, <nanog@nanog.org>
Date: Tue, 12 Feb 2008 20:46:24 +0100
In-Reply-To: <7C2098E2-1A14-451D-8CC5-6C58D3C214F6@delong.com> (Owen DeLong's
message of "Tue, 12 Feb 2008 11:17:55 -0800")
Errors-To: owner-nanog@merit.edu

* Owen DeLong:

> If the vulnerability cannot be corrected through a vendor patch, then,
> one has to wonder what, exactly, the vulnerability is.

You assume that a vendor patches a vulnerability once they learn about
it. In my experience, this is not true. Sometimes it's easy to explain
(product or vendor ceased to exist), sometimes it's not (some cross-site
scripting issues I'm trying to straighten out; minor bugs to you
perhaps, but huge media exposure because of their visibility and
reproducibility--think FDIV bug).