BugTraq
Vulnerabilities in some SCADA server softwares Mar 21 2011 04:16PM
Luigi Auriemma (aluigi autistici org) (1 replies)
Re: Vulnerabilities in some SCADA server softwares Mar 21 2011 05:11PM
J. Oquendo (sil infiltrated net) (4 replies)
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 08:28PM
Pavel Kankovsky (peak argo troja mff cuni cz)
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 03:27PM
Kent Borg (kentborg borg org) (1 replies)
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 08:10PM
J. Oquendo (sil infiltrated net)
Re: Vulnerabilities in some SCADA server softwares Mar 22 2011 09:24PM
Michal Zalewski (lcamtuf coredump cx) (2 replies)
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 02:46PM
R Michael Williams (rmwstealth comcast net) (1 replies)
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 04:52PM
Michal Zalewski (lcamtuf coredump cx)
RE: Vulnerabilities in some SCADA server softwares Mar 23 2011 02:43PM
Jim Harrison (Jim isatools org) (1 replies)
Re: Vulnerabilities in some SCADA server softwares Mar 23 2011 04:54PM
Luigi Auriemma (aluigi autistici org)
Re: Vulnerabilities in some SCADA server softwares Mar 21 2011 08:02PM
Luigi Auriemma (aluigi autistici org)
> At what point in time did you try contacting any of the vendors for
> these issues?

the vendors of the affected softwares have not been contacted.

> How do you propose a manufacturer fix an issue?

in the security field a public vulnerability is a dead vulnerability,
anyone who has found and released at least one security bug in his life
knows it and knows to what I refer.

90% of the job of fixing a bug is just finding it first, I have even
showed the details, the causes and the ways to replicate them.

> Where in any of your advisories did you take the time to let a company
> know: "hey you guys have some potential issues, here they are!!!"

I have done it in the exact moment that I have uploaded my advisories on
my website making anyone aware of the problems, included the same
vendors that now can fix them.

---
Luigi Auriemma
http://aluigi.org

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus