On Monday 17 January 2005 16:42, Marc Ruef wrote: > Dear ladies and gentlemen >
<SNIP description of two potential problems> > We have not found any information on that issue. So I sent this information > (nearly the same posting) on 14/12/04 to [EMAIL PROTECTED] and asked for a > solution. As I haven't heard _anything_ until 23/12/04 I sent a reminder > email to the same address. So no reply came back we made this vulnerability > public finally to force Novell to react on this case. An Attack Tool Kit > (ATK) plugin that addresses this vulnerability will be published in the > next days[1]. > > Regards, > > Marc Ruef > > [1] http://www.computec.ch/projekte/atk/ It took me less than 10 seconds to find this url http://support.novell.com/security-alerts/ using the keywords "novell security email address" in Google. Had you taken the same time to do this, you would have found that [EMAIL PROTECTED] is the place to send this kind of notification. No doubt you've spent a lot of time doing some good research. Had you spent a little longer there would probably be a patch by now. Making up 'possible' email addresses for this kind of mail and then 'forcing' Novell to go public on an issue that's probably sitting in a spam bucket is a bit of waste of everyone's time and effort, your own included. Regards Peter _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
