paul//
Do you really care what MS thinks?
My way of going around things....
1. Find the bug
2. Inform the software maker
3. Release the bug/vulnerability and a proof of concept(POC/exploit) to a
full disclosure list.
Paul... If you can compromise SP2, lets see it. Release a POC.
Take it from there.
Happy Holidays Everyone-
-----Original Message-----
From: Paul [mailto:paul@greyhats.cjb.net]
Sent: Monday, December 20, 2004 10:29 PM
To: focus-ms@securityfocus.com
Subject: Microsoft Vulnerabilities ARE being reported to Microsoft
If you came here looking for a vulnerability, you will be dissapointed,
because this is simply a message. Contrary to popular opinion, I do disclose
my vulnerabilities to Microsoft before release. They do not resond to any of
my emails so I assumed they either 1) didn't care, or 2) were taking
considerable action to patch these vulnerabilities. The Microsoft statement
that I do not disclose the vulnerabilities to them is untrue and is probably
just an attempt by Microsoft to make me look bad because of their own
incompetence. I will continue to work towards a secure operating system
because that is what we security professionals strive to accomplish.
PS: Microsoft, I have found a way to compromise SP2 by writing a file to
anywhere on the victim's computer without user interaction. As always, I
will email you with the details of the vulnerability.
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
