[17846] in bugtraq
Re: Submission
daemon@ATHENA.MIT.EDU (Georgi Guninski)
Wed Nov 29 14:57:18 2000
Message-Id: <3A253438.1D6AF1A8@guninski.com>
Date: Wed, 29 Nov 2000 18:52:08 +0200
Reply-To: Georgi Guninski <guninski@GUNINSKI.COM>
From: Georgi Guninski <guninski@GUNINSKI.COM>
X-To: hellnbak@HUSHMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
hellnbak@HUSHMAIL.COM wrote:
>
> Thanks for your reply Georgi.
>
> develop a fix. I remember a post a while back from you that said, "Why
> should I help the vendor". My question to you is, why not help the vendor?
> You said yourself, that they have to get their acts together why not assist
> in that process like the rest of us are?
I don't remember writing anywhere "Why should I help the vendor" - could
you give a URL where it is written - it is very easy writing "lame shit"
as you define it anonymously.
In fact I am helping both vendors and users. I do free research for
vendors and I give workarounds (which sometimes are better than patches
that open other vulnerabilities).
I have given all vendors enough time to warn their client about a
workaround until a patch is available.
Do you find it normal for a vulnerability to exist for 4 months and the
vendor not to warn their customers there is a vulnerability which is
stopped by a simple workaround?
I have reported vulnerabilities and gone public without a patch about
Microsoft, IBM, Netscape and SUN. Only one of them complained about not
having enough time to fix the vulnerabilities - some of the other
vendors gave me awards despite the fact I went public without a patch.
Georgi Guninski