For mgetty users with non-trusted shell logins
l41484@alfa.ist.utl.pt (l41484@alfa.ist.utl.pt)
Thu, 28 Jan 1999 18:08:27 +0100
On Thu, 28 Jan 1999, Gert Doering wrote:
> On Wed, Jan 27, 1999 at 11:30:06PM +0100, l41484@alfa.ist.utl.pt wrote:
> > Ah the old debate, security through obscurity or security through openness.
> > :-)
>
> Well, partially. We tell people where the problem is, and how to
> protect themselves, but I'm kind of reluctant to do full disclosure
In my opinion, vulnerabilities should be reported to the vulnerable
product's author first, and then should be released to the public. I also
think there is no need to report how to exploit the vulnerability; honest
people don't need them and they will probably be used by dishonest people
(unless there is something to be learned from it).
> (after all, "full disclosure" is there to force the vendor to fix it - I
> *am* the "vendor" and we have found a workaround :) ).
I tend to dislike vendors who only fix things when put between the sword
and the wall.
--
Tiago Pascoal (l41484@alfa.ist.utl.pt) FAX : +351-1-7273394
Politically incorrect, and a (not very) prominent member of the "geracao rasca".