Network Security: Detailed info on Re: [VulnWatch] Details of Sybase ASE bugs withheld

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

Re: [VulnWatch] Details of Sybase ASE bugs withheld

from [David Litchfield] Network Security

[Permanent Link]

Subject:	Re: [VulnWatch] Details of Sybase ASE bugs withheld
Date:	Mon, 21 Mar 2005 21:50:22 -0000

Hey Halvar,

am I understanding this correctly ? Sybase is threatening "something"
so that the technical details of the vulnerability are kept secret
indefinitely ?

Yes - you understand correctly. Needless to say I hope all of this can be resolved amicably; and the details will be published.


This is a rather curious development. Are the pre/post patch versions
freely downloadable ?

To be honest, I don't know, but if the patch is freely downloadable, let's face it, the "details" are there to anyone with a disassembler, anyway. This kind of legal threat achieves nothing other than to make legit researchers fearful about being sued if they find and publish security issues - even if they do so in a responsible manner. In such a climate security research will be driven underground - which is where the "good guys" really don't want it to be.


Cheers,
David Litchfield
Research Scientist
NGSSoftware Ltd
http://www.ngssoftware.com/

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[VulnWatch] Details of Sybase ASE bugs withheld, NGSSoftware Insight Security Research Re: [VulnWatch] Details of Sybase ASE bugs withheld, Halvar Flake Re: [VulnWatch] Details of Sybase ASE bugs withheld, David Litchfield <= Re: [VulnWatch] Details of Sybase ASE bugs withheld, sean RE: [VulnWatch] Details of Sybase ASE bugs withheld, Marchand, Tom Re: [VulnWatch] Details of Sybase ASE bugs withheld, sean Re: [VulnWatch] Details of Sybase ASE bugs withheld, Peter J. Holzer RE: [VulnWatch] Details of Sybase ASE bugs withheld, Chris Wysopal RE: [VulnWatch] Details of Sybase ASE bugs withheld, Marchand, Tom Re: [VulnWatch] Details of Sybase ASE bugs withheld, Simple Nomad Re: Details of Sybase ASE bugs withheld, Jay Libove RE: [VulnWatch] Details of Sybase ASE bugs withheld, http-equiv@excite.com

Previous by Date:	[Full-disclosure] Re: [ISN] How To Save The Internet, Jason Coombs
Next by Date:	iDEFENSE Security Advisory 03.21.05: Mac OS X CF_CHARSET_PATH Buffer Overflow Vulnerability, iDefense Customer Service
Previous by Thread:	Re: [VulnWatch] Details of Sybase ASE bugs withheld, Halvar Flake
Next by Thread:	Re: [VulnWatch] Details of Sybase ASE bugs withheld, sean
Indexes:	[Date] [Thread] [Top] [All Lists]