[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Sendmail: If you haven't patched it yet..

Subject: Re: [cobalt-security] Sendmail: If you haven't patched it yet..
From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
Date: Wed, 5 Mar 2003 19:02:33 +0100
Organization: SOLARSPEED.NET
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> I do believe that you should give a company notice of a security problem
> with there software 1 month before releasing how to access the security
> problem..
> Then if it is not fixed by the company they are liable, if fixed by the
> company and, not the user the user should not be a system admin.

when you look at the ISS advisory you'll see the following:

<quote>
Vendor Notification Schedule:

Initial vendor notification: 1/13/2003
Initial vendor confirmation: 1/13/2003
Final release schedule confirmation: 1/31/2003
<unquote>

And as the news report it, the US Gestapo ... err ... Department of Homeland 
Security had the entire matter it under tight wraps to make sure that 
everyone had time to prepare their patches. This makes it even more 
suspicious that Sun had no patches ready. Not even for Solaris!

-- 

With best regards,

Michael Stauber

Follow-Ups:
- Re: [cobalt-security] Sendmail: If you haven't patched it yet..
  - From: paul jacobs

References:
- Re: [cobalt-security] Sendmail: If you haven't patched it yet..
  - From: paul jacobs

Prev by Date: Re: [cobalt-security] Remote Sendmail Header Processing Vulnerability
Next by Date: Re: [cobalt-security] Remote Sendmail Header Processing Vulnerability
Previous by thread: Re: [cobalt-security] Sendmail: If you haven't patched it yet..
Next by thread: Re: [cobalt-security] Sendmail: If you haven't patched it yet..

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index