On Tue, Sep 11, 2012 at 7:48 PM, <> wrote: > > >>i already read tha adobe bulletin, it doesn't really say much. > > I doubt you will ever see details and description about any possible attack. > It would be too easy for those looking for ideas...
Publication of details of an attack are pretty common. Good guys will typically find an attack, alert the people who are in a position to fix the product(s), wait for them to confirm it and start on a fix and then publish the details of the attack after the vulnerability patch has been released. The reason for this is so other researchers (and people wanting to protect their own systems) have an idea of the types of issues that a product has been vulnerable to so they can poke around the edges and see if there are similar issues that may have been missed, thereby strengthening the overall security of the product. So, yes, the details are for people looking for ideas but that includes all the good people as well as the bad guys (tm). Security through obscurity isn't really security at all. cheers, Judah ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352519 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
