[SC-L] story of 2 patches to fix 1 bug

2005-10-21 Thread Stuart Moore
a validation function prior to a call to the vulnerable function, but that there remained other code paths to access the vulnerable function. The new fix addressed the actual vulnerable function. Stuart -- Stuart Moore SecurityTracker.com SecurityGlobal.net LLC

Re: [SC-L] Disclosure: vulnerability pimps? or super heroes?

2007-03-05 Thread Stuart Moore
with the icy walk? Is the severe structural damage and hours of surgical correction more cost effective than what any anti-ice protections would have cost? Those are the Good Questions. Asking whether the disclosure of the icy exploit is good or bad is the Wrong Question. Stuart -- Stuart Moore