BugTraq
Vulnerabilities in NovaBoard Apr 21 2010 08:45PM
MustLive (mustlive websecurity com ua) (1 replies)
Re: Vulnerabilities in NovaBoard Apr 22 2010 09:11PM
terry white (twhite aniota com)
... ciao:

: on "4-21-2010" "MustLive" writ:

and about which, i find me confused.

: you can saw the letter which was posted last week by one developer of
: one such vulnerable web application ---

from my reading of that exchange, i "thought" the author a 'system
administrator', rather THAN, the programmer of the flawed application.
from my experience, a sysadmin seldom enjoys the freedom programmers
enjoy.

: it's only way to draw attention of web developers to these issues.

: Timeline:
: 17.03.2010 - found vulnerabilities.
: 02.04.2010 - disclosed at my site.
: 03.04.2010 - informed developers.

that would be correct, if an only if, captcha limitations were
unknown to this community at 'this' point in time. that, is clearly, not
the case.

if memory serves, you took exception to another's inability to act
quickly in response to your discovery. yet, there is NO chance of that
happening given your 'notification' policy. further, i do not recall
mention of a workaround, or mitigation path.

"attention of web developers to these issues"

i've been watching this list prior to the "code-red" epidemic.
cisco 675 routers puked on code-red. i was the first to post a
workaround, when i mentioned the problem i was having the device. given
the objective you've outlined, i have to wonder what kind of attemtion
you seek. as a given:

1. your dicsoveries are like those of IE; big whoop.
2. you offer no solutions, or methods to mitigate the problem.
3. you offer < "ZERO" warning to those that need it most.
4. it looks like you're trying to drive traffic to your domain.

do you really think this a way to be taken seriously in this
community ...

--
... i'm a man, but i can change,
if i have to , i guess ...

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus