Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Irresponsible Disclosure
Jon Lasser, 2002-06-26

Internet Security Systems violated community standards and common sense with its surprise Apache bug announcement.

Comments Mode:
Irresponsible Disclosure 2002-06-26
Anonymous (1 replies)
Irresponsible Disclosure 2002-06-28
Anonymous
Irresponsible Disclosure 2002-06-26
joe90@hushmail.com
Irresponsible Disclosure 2002-06-27
Please please please get a new UNIX writer! (7 replies)
Are you working for ISS ? 2002-06-27
nimp
Irresponsible Disclosure 2002-06-27
Anonymous
Re: Replace him! he disagrees with me and I know it all! 2002-06-27
epizz@ba.net (1 replies)
Re: Replace him! he disagrees with me and I know it all! 2002-06-28
Anonymous
Irresponsible Disclosure 2002-06-27
Anonymous
It appears as though you have a decent case of tunnel vision... a type of malady that seems to infect quite a bit of people in the computer security field.

ISS simply supplying a patch (a patch, BTW, that does not adequately address the bug reported) in no way exhonerates them from any faux pas done. One day after the announcement was made by ISS, exploits for several widely-used OSes running Apache were available. You would have to agree, that, even with a patch, one day is hardly enough time for administrators out in the world to either patch their Apache, or get a binary patch fix from thier respective vendors.

Everyone was suprised by this premature disclosure, and at that point, it opened up many thousands of servers to crack attempts using that vulnerability before an appropriate fix was released. I would expect this from an impatient and excited script kiddie, not from an established and estemed organisation such as ISS and it's ilk.



[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/91/13318#13318
Anon poster is an "Irresponsible Disclosure" 2002-06-27
Anonymous
Irresponsible Disclosure 2002-06-29
Tired of loud mouth open source freaks (1 replies)
Irresponsible Disclosure - TO "Tired of loud-mouth open source freaks" 2002-07-01
Anonymous
Irresponsible Disclosure 2002-06-29
Anonymous
Damned if you do, damned if you don't 2002-06-27
TL (1 replies)
Damned if you do (irresponsibly), damned if you don't (ever) 2002-06-28
Tor Slettnes
Irresponsible Disclosure 2002-06-27
Anonymous
The shoe is on the other foot 2002-06-27
Anonymous (10 replies)
The shoe is on the other foot..but just barely. 2002-06-27
K.M. Ellis
The shoe is on the other foot 2002-06-27
Brian
The shoe is on the other foot 2002-06-27
Anonymous
The shoe is on the other foot 2002-06-28
Anonymous
Are you working for Microsoft ? 2002-06-28
no 6
The shoe is on the other foot 2002-06-28
Anonymous
The shoe is on the other foot 2002-06-29
Anonymous
The shoe is on the other foot 2002-06-29
Anonymous
The shoe is on the other foot 2002-06-29
pseudoAnonymous
...but where should the foot be put? 2002-07-02
Andy Wood
Penalties 2002-06-27
Anonymous
Irresponsible Disclosure 2002-06-28
System Engineer in UK
Irresponsible Disclosure 2002-06-28
Anonymous
Irresponsible Disclosure -- CYA 2002-06-28
Anonymous
hehehe ! apachi is next victim 2002-06-29
ICMP_Z@yahoo.com (1 replies)
hehehe ! apachi is next victim 2002-07-01
Anonymous
what i think about ms... 2002-07-03
Lysergsäurediethylamid







 

Privacy Statement
Copyright 2009, SecurityFocus