[31048] in bugtraq
Re: Invision Board spoof and defacement
daemon@ATHENA.MIT.EDU (matt@ibforums.com)
Tue Aug 5 16:37:47 2003
Date: 5 Aug 2003 19:31:19 -0000
Message-ID: <20030805193119.24794.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <matt@ibforums.com>
To: bugtraq@securityfocus.com
In-Reply-To: <20030804002946.4431.qmail@www.securityfocus.com>
You've got to be kidding me?
>The vendor hasn't been notified because of their
>handling of previous vulnerabilties I found in Invision
>Board
I am extremely responsible with regards to security and in most
cases I've had a fix ready and available within 30 minutes of
receiving note of a vulnerability.
I take a dim view of posting exact details of vulnerabilities before
people have a chance to patch their board and I take a dim view of
needlessly alarming people with almost trivial matters, such as
this.
If you find a vulnerability in a program and you post details of
how to exploit it without notifying the vendor then that is very
irresponsible indeed.
