Mr. Copley, I'm not an Eeye customer nor do I necessarily share the views of the original poster. However, if I were you I'd quit while you're ahead. This sort of tone from a representative of the company doesn't reflect well on the company in general. Whether the poster is knowledgeable or not, a professional or not, a troller or not, insults from a company representative, in my view, will bias my opinion towards that company as a whole. If I purchase an Eeye product and ask what the representative thinks is a stupid question, will I get a constructive answer to help me or will I get laughed off the phone? I don't know, and now I wonder.
There are enough people who respond with insults on this list, it'd be nice if we didn't see it from corporate representatives as well. Kenton On Thu, 2004-02-12 at 12:17, Drew Copley wrote: > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Paul Tinsley > > Sent: Wednesday, February 11, 2004 10:57 PM > > To: Drew Copley > > Cc: [EMAIL PROTECTED] > > Subject: Re: [Full-Disclosure] Re: Re: <to various > > comments>EEYE: Microsoft ASN.1 ... > > > > Drew Copley wrote: > > > > >Without replying to each troll, individually, I thought maybe some > > >people would like to see some answers to some notes. > > > > > > > > Most of these are from me, so I will personally respond to > > those that apply. And believe it or not, this is not a > > troll, I really wanted to see people's viewpoints on this > > subject. > > > Somehow, I find this hard to believe. > > > > > >These are my own comments, I speak for myself. > > > > > >Question: "Why release all of the details" > > > > > > > > This statement is not an accurate paraphrase, I didn't say > > why release them all. I said why release them all on day 0 > > of the patch release. > > > > >Answer: Polls show this is what administrators what. This is > > one reason > > >we do this. Another reason we do this is simple, we use the details > > >ourselves. We use the details to create signatures for our > > >vulnerability assessment tool and firewall. Security administrators > > >then download these signatures and use them to check for > > patches or to > > >protect systems which can not yet be patched. > > > > > > > > Administrators don't need this crap to fix their boxes, they > > simply need the exploit vectors, the possible mitigation > > steps, and the potential severity of the vulnerability. > > <snip> > > I have gone over this a few times with some others. I believe I already > said it here. You seem to be unable to either hear it or believe it. > > In no particuliar order: > > One, the polls show that more want it then not. > > Two, we sell products which secure their boxes. We have a lot of > customers. Our competitors do the same thing. Altogether, we are the > industry. We have to know what the security hole was, so do our > competitors. Then, we can protect against this. So can they. > > Three, we don't give out exploit code. You can't make an exploit from > our advisory. I don't know you, I don't know who you are. But, frankly, > not that many people can even write exploit code. With these bugs, you > would have to be able to not only write the exploit code but also > understand the cryptographic references and their implementations in the > Window's OS. It isn't all that hard. But, it turns out, that the guys > who can write exploit code also can reverse engineer patches... They can > also understand our advisories, but they can also find their own bugs. > > Okay? > > Real world. > > But, I don't think you understand that. Why should I go on. It isn't > rocket science. But, you are saying, "I know, I know". And, you do not > know. That is when people can neither learn nor understand. > > Now, as a brief disclaimer... Security, being able to do these things is > not something that requires someone to have a tumor in their brain that > makes their IQ magically go up a thousand points. It requires only > desire. This means a predisposition. You have to be willing and wanting > to sit there and work through these things. > > So, you really have no excuse not to understand these things. > > You are a Monday morning quarterback. > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
