Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2014-01-10 Thread Pedro Luis Karrasquillo
will post my findings here and in my rantlog page. Date: Wed, 8 Jan 2014 16:45:29 +0200 From: gunin...@guninski.com To: peter_toy...@hotmail.com CC: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure On Sat, Dec 14, 2013

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2014-01-08 Thread Georgi Guninski
On Sat, Dec 14, 2013 at 05:37:02PM -0400, Pedro Luis Karrasquillo wrote: All right. After I chatted with a MS rep (I posted the transcript of the short conversation elsewhere in the thread), I got a response in the list from secure()microsoft. I sent the details to secure()microsoft of the

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-15 Thread Jordon Bedwell
On Fri, Dec 13, 2013 at 11:28 AM, amani am...@fastmail.us wrote: Ethics? Define it. Nobody can define your ethics since ethics are your personal principles. ___ Full-Disclosure - We believe in it. Charter:

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-15 Thread Pedro Luis Karrasquillo
-disclosure] Where are you guys standing re: the (full) disclosure On Fri, Dec 13, 2013 at 12:15 PM, Gary Baribault g...@baribault.net wrote: Of course, all software companies would love for the disclosure to wait for the fix to be released, and often, if the delay is considered

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-14 Thread amani
Whether you like Microsoft or not isn't the point, and it's a whole other topic. In the past, full disclosure benefited everybody and it was a way to gain notoriety among the community. It's taken years to get people to accept responsible disclosure (ie, giving software companies time to fix the

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-14 Thread Paul Ammann
Whether you like Microsoft (or Apple) or not isn't the point, and it's a whole other topic. In the past, full disclosure benefited everybody and it was a way to gain notoriety among the community. It's taken years to get people to accept responsible disclosure (ie, giving software companies time

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-14 Thread Jordon Bedwell
On Fri, Dec 13, 2013 at 11:55 AM, Jeffrey Walton noloa...@gmail.com wrote: On Fri, Dec 13, 2013 at 12:28 PM, Gary Baribault g...@baribault.net wrote: Rather harsh don't you think? I'm all for OSS but I have expenses and need to make money. Yes M$ makes money, but I think they're ethical just as

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-14 Thread Jordon Bedwell
On Fri, Dec 13, 2013 at 12:15 PM, Gary Baribault g...@baribault.net wrote: Of course, all software companies would love for the disclosure to wait for the fix to be released, and often, if the delay is considered reasonable by the hacker in question who found the bug, then that's what happens.

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-14 Thread Jordon Bedwell
On Fri, Dec 13, 2013 at 12:15 PM, Gary Baribault g...@baribault.net wrote: Of course, all software companies would love for the disclosure to wait for the fix to be released, and often, if the delay is considered reasonable by the hacker in question who found the bug, then that's what happens.

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-13 Thread Mikhail A. Utin
Answers: 1. Whether you are right and there is a bug, let the vendor (M$) know; that is ethical. They will decide if to consider your finding as a bug. Your following steps depend on their opinion on the finding. 2. If you keep it for yourself - no problems. If you disclose on the Internet before

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-13 Thread Georgi Guninski
On Fri, Dec 13, 2013 at 10:06:48AM -0500, Mikhail A. Utin wrote: Answers: 1. Whether you are right and there is a bug, let the vendor (M$) know; that is ethical. They will decide if to consider your finding as a bug. Your following steps depend on their opinion on the finding. 2. If you

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-13 Thread imipak
On 13/12/13 15:06, Mikhail A. Utin wrote: Answers: [...] 2. If you keep it for yourself - no problems. If you disclose on the Internet before informing M$, there is certain risk, but first of all it is not ethical. Sure it is. It's just a different set of ethics than the ones you (or I) would

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-13 Thread Gary Baribault
Of course everyone has their opinion and is allowed to have one, mine is more similar to Mikhail's, warn Microsoft, they may take a couple of days to answer. If they ask for little time to evaluate, it's up to you. If they ask for unreasonable time, and keep in mind they only patch monthly, then

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-13 Thread Georgi Guninski
On Fri, Dec 13, 2013 at 03:27:21PM +, imipak wrote: On 13/12/13 15:06, Mikhail A. Utin wrote: Answers: [...] 2. If you keep it for yourself - no problems. If you disclose on the Internet before informing M$, there is certain risk, but first of all it is not ethical. Sure it is. It's

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-13 Thread Gary Baribault
Rather harsh don't you think? I'm all for OSS but I have expenses and need to make money. Yes M$ makes money, but I think they're ethical just as much as any other company ... is IBM ethical? Is HP ethical? Is Dell (the company) ethical? They all are to some degree. M$ has a HUGE installed base of

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-13 Thread Jeffrey Walton
On Fri, Dec 13, 2013 at 12:28 PM, Gary Baribault g...@baribault.net wrote: Rather harsh don't you think? I'm all for OSS but I have expenses and need to make money. Yes M$ makes money, but I think they're ethical just as much as any other company ... is IBM ethical? Is HP ethical? Is Dell (the

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-13 Thread Gary Baribault
Please don't get me going on Apple!!! I have never owned an Apple device and will never own one either. People say that M$ is closed source, but Apple is working hard at re-defining the term! /rant Gary B On 12/13/2013 12:55 PM, Jeffrey Walton wrote: On Fri, Dec 13, 2013 at 12:28 PM, Gary

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-13 Thread Gary Baribault
Of course, all software companies would love for the disclosure to wait for the fix to be released, and often, if the delay is considered reasonable by the hacker in question who found the bug, then that's what happens. I think it's only in the case where the company considers the bug to be minor

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-13 Thread Gary Baribault
Hey Jordon, The thing is that the 'hackers' who find these bugs are not a uniform group who all studied some course in university. Some have a lot of experience and therefore credibility and some are less experienced and don't know exactly what to do or when to do it. Our OP is one of those

Re: [Full-disclosure] Where are you guys standing re: the (full) disclosure

2013-12-13 Thread Gary Baribault
When you say 'security updates' I assume you mean publish the bug, and I think you're right, as I just stated in the other mail, if the company is dragging its feet, threatening legal action (bluffing) or just leading the hacker on, then to heck with them, let them know when you're publishing and