Hi, well, it's not new that some vulns are reported on personal websites and public/private forums. Blog is quite the same as a little forum... But many guys also send their researches to full-disclosure lists. And that, often before to post them on their sites. Another question that i'm asking to myself is what about a standardization of the vulns reports. In fact we often find the same sections in a vuln report, but the reports don't have the same design... I think it'll be usefull to could have reports written in a specific way. Just an idea... Sorry for bad english /JA Juha-Matti Laurio a écrit : > This happened with IIS 5.1 Source Disclosure Under FAT/FAT32 Volumes > Using WebDAV issue > http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037019.html > > > Is this a new trend or something, this IIS vulnerability release was > similar as a previous IIS 5/6 500-100.asp "SERVER_NAME" issue > published via (same) Norwegian blog. > Some possible problems: > -report format used in blogs > -possible unofficial blog comments (anonymous exploit codes published > etc.) > -vendors has no time to look for new blog entries > > Regards, > Juha-Matti > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > >
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/