Month: January 2007

  • Month of .. who?!

    [This was originally published on the OSVDB blog.] http://rixstep.com/2/20070104,00.shtml "A Month of Rixstep Bugs": It’s a win-win proposition. Starting now and for the duration of January 2007 Rixstep will be holding a ‘Month of Rixstep Bugs’ campaign: find a bug in any Rixstep software product and win a prize. It’s not a win-win proposition, it…

  • reply: MJR: The Vulnerability Disclosure Game: Are We More Secure?

    [This was originally published on the OSVDB blog.] The Vulnerability Disclosure Game: Are We More Secure? http://www2.csoonline.com/exclusives/column.html?CID=28072 By Marcus J. Ranum. Do you remember the original premise of the disclosure game? By publicly announcing vulnerabilities in products we will force the vendors to be more responsive in fixing them, and security will be better. Remember that one?…

  • reply: Microsoft: Responsible Vulnerability Disclosure Protects Users

    [This was originally published on the OSVDB blog.] Microsoft: Responsible Vulnerability Disclosure Protects Users http://www2.csoonline.com/exclusives/column.html?CID=28071 By Mark Miller, Director, Microsoft Security Response Center. Responsible disclosure, reporting a vulnerability directly to the vendor and allowing sufficient time to produce an update, benefits the users and everyone else in the security ecosystem by providing the most comprehensive and highest-quality…

  • Bogus RFI Reports Getting Out of Hand

    [This was originally published on the OSVDB blog.] I know we’re all getting tired of the Remote File Inclusion (RFI) vulnerabilities being disclosed that end up being debunked, but this one takes the cake so far (yes, I’m behind on e-mail). Fri Jun 16 2006 http://archives.neohapsis.com/archives/bugtraq/2006-06/0321.html (1) path/action.php, and to files in path/nucleus including (2) media.php, (3)…