[12414] in bugtraq
Re: Unqualified Postings
daemon@ATHENA.MIT.EDU (v0rt)
Tue Nov 2 14:19:45 1999
Message-Id: <381F173F.CF6A3E0A@dayrom.com.au>
Date: Tue, 2 Nov 1999 16:54:23 +0000
Reply-To: v0rt <v0rt@DAYROM.COM.AU>
From: v0rt <v0rt@DAYROM.COM.AU>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
edi@GANYMED.ORG wrote:
> Is Bugtraq the right forum to report stupid
> overflows in yet another shareware win95 mail/ftp
> server, fetched from huge commercial crapware
> repositories like download.com / shareware.com / others?
>
> Where's the security risk? If the software is rarely
> used, if no exploits are widespread, why bother
> informing the security community about some buffer
> just because it's too small.

I disagree with this post (also an unqualified post) as any security
weakness in any application, no matter how small or how widespread,
should be posted to this list. Not only does it force the developers to
upgrade their security coding abilities, but it also reinforces the fact
that security through obscurity (or a fake sense of security) is never
really a reliable policy.

> Add an exploit if you want to gain popularity -
> I personally do not encourage such postings here.
>
> Edi

Add an exploit and allow the script kiddies to fuck with little joe blogg's
home box as he had set up an ftp server that he had d/l from one of these
so-called 'commercial crapware repositories'.

All things security related should be discussed, as what's the point of
discussing 'only top class security weaknesses that kiddies can use to
hack the government' ???

my two cents + 5% tip
[v0rt]