here is some satire on how some vendors may respond to reported security problems.
completely fictional, any resemblance to real world or real events is just a hallucination.

1. http://www.microsoft.com
financial empire waiting for the fate of previous empires

automated response "thanks for being a free beta tester!"
the media is told "bug hunters" are irresponsible cyber terrorists.
have enough money and enough brain to shutdown hotmail accounts.
later a patch is produced, in some cases introducing more problems.
visiting malicious web sites is not real exploit scenario.

2. http://www.openbsd.org
Theo Deraddt, author of only one remote hole in 2^32 years.

imaginary quotes from fabricated email:
---------------------
From: Theo de Raadt

it is just a crash.

> btw, Ted Unangst <tedu@> seems better than you in PR
> bug handling. have you thought about outsourcing the PR bug handling
> to him?

he is not better at it. he only works in certain areas. but i work
all over the place, and can spray an issue out to the relevant people
very often. i'm always around...
----------------------
----------------------
From: Theo de Raadt <[EMAIL PROTECTED]>

and I TOLD you to hold off and then you didn't.

Look, you release bugs not to help us. You do it for yourself.
Don't take me for a fool.
---------------------------
// end of fabricated quotes

3. http://www.kernel.org
Linus Torvalds, an engineer, some funny quotes on wikiquotes.

Linus: "hmmmm, there might be more ones like this. how did you find it?"

4. http://www.mozilla.org
Let there be dragons and foxen

mozilla: "we give cash for security bugs"

--
where do you want bill gates to go today?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
