I'm with Alan, I'll be advising my customers likewise. -Drew
-----Original Message----- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 6:05 PM To: [EMAIL PROTECTED] Cc: Evgeny Demidov Subject: Re: ANNOUNCE: VulnDisco RADIUS protocol testsuite v1.0 Kenneth Grady <[EMAIL PROTECTED]> wrote: > On Tue, 2004-08-24 at 05:05, Evgeny Demidov wrote: > > Hello, > > > > We are proud to announce the release of the VulnDisco > > RADIUS protocol testsuite to the public. I'm disappointed to announce that Eugene, and his company, are unethical and unprofessional. I will not be recommending his services to anyone, including my worst enemies. The common practice is to notify the vendor of issues before publication. Eugene did not do so, despite there being a clear pointer to the security contact on http://www.freeradius.org. The bugs are either fixed, or in the process of being fixed. For normal users: the bugs are NOT exploitable. They can, however, cause the server to crash. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
