[12401] in bugtraq
Unqualified Postings
daemon@ATHENA.MIT.EDU (edi@GANYMED.ORG)
Tue Nov 2 00:06:18 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.4.01.9911020221370.10127-100000@ulixes.esc.ac.at>
Date: Tue, 2 Nov 1999 02:31:20 +0100
Reply-To: edi@GANYMED.ORG
From: edi@GANYMED.ORG
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Hey,
Is Bugtraq the right forum to report stupid
overflows in yet another shareware win95 mail/ftp
server, fetched from huge commercial crapware
repositories like download.com / shareware.com / others?
Everyone can download the newest software, connect
and look what happens when you send 7321 a's
-- voila, the next advisory to Bugtraq is done.
Companies who pretend to do security research
(like ussr) should do better than that (at least
they switch their advisory template every second
time).
Where's the security risk? If the software is rarely
used, if no exploits are widespread, why bother
informing the security community about some buffer
just because it's too small.
Add an exploit if you want to gain popularity -
I personally do not encourage such postings here.
Edi
