[12403] in bugtraq
Re: Unqualified Postings
daemon@ATHENA.MIT.EDU (Wanderley J. Abreu Jr.)
Tue Nov 2 12:30:11 1999
Message-Id: <001001bf24f7$cfc3c920$cfd66520@storm.pgj.rj.gov.br>
Date: Tue, 2 Nov 1999 04:02:12 -0200
Reply-To: "Wanderley J. Abreu Jr." <storm@UNIKEY.COM.BR>
From: "Wanderley J. Abreu Jr." <storm@UNIKEY.COM.BR>
X-To: edi@GANYMED.ORG, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
(...)
>Where's the security risk? If the software is rarely
>used, if no exploits are widespread, why bother
>informing the security community about some buffer
>just because it's too small.
>
>Add an exploit if you want to gain popularity -
>I personally do not encourage such postings here.
>
>Edi

I don't know if bugtraq is the right list to put ALL security failures,
or bugs, or whatever... I personally released only a few exploits and fixes
to major security problems on widely used software. But I have a few points
about your message:
1.) The list is moderated. I think that the Moderator knows what is best for
his list.
2.) What is the measurement of a "too small" problem? Most people who sign
this list administrate LANs or even WANs with a vast variety of win95
software with those "small problems". Take for instance the weak encryption
of WS-FTP passwords: Basically, common users have problems remembering
passwords, so they use one password for all things they have to
authenticate. Should I need to go further? On a WAN this simple thing can
cause a real disaster.
3.) Why should I sign a bunch of security lists when all I need to know
mainly is found in just one?
Cheers,
Wanderley