> Date: Sun, 30 Apr 2000 15:31:00 -0700
> From: Brook Davies <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: AOL uses CF!
> Message-ID: <[EMAIL PROTECTED]>
>
> Didn't your mother teach you any Manners? Postings another sites
> vulnerability to a list of people you don't know? hmm..did you email the
> webmaster at AOL, that would have been a better idea. Do you have a
> website? What's the url? Can I look for hacks and post the results to a
> list your not a member of? Would you mind. geezh.
>
> Also, you effectively shoot yourself in the foot when you post a hack to a
> CF site. If it get's hacked it looks bad on CF. They stop using CF, and
> next thing you know your client says "I don't want to use your CF solution
> cause I heard AOL just got hacked and aren't using CF anymore!".
I agree with you and have emailed [EMAIL PROTECTED] repeatedly about the
situation and have yet to see any results. As for my thoughts regarding
posting vulnerabilities to a public forum such as this listserv: a) many
times the only way to get the attention of the offending parties (i.e.
[EMAIL PROTECTED]) is to tell the world (as I have yet to see a fix for the
AOL.com problem I reported to them many days ago.) and b) I would imagine
that of all the places I could post this vulnerability, the people on this
list would be least likely to exploit it, because as you said, it makes CF
looks bad, and we don't want that.
To quote the almighty l0pht:
"Why keep the vulnerabilities secret unless you are going to exploit them,
or perhaps trade them for something?"
http://www.l0pht.com/~oblivion/soapbox/index.html
Best,
Phil
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
