> -----Original Message-----
> From: Frank Wiles [mailto:[EMAIL PROTECTED]] 
> Sent: Tuesday, August 20, 2002 1:57 PM
> To: Dann Corbit
> Cc: [EMAIL PROTECTED]
> Subject: Re: [HACKERS] @(#)Mordred Labs advisory 0x0004: 
> Multiple buffer overflows in PostgreSQL. (fwd)
> 
> 
>  .------[ Dann Corbit wrote (2002/08/20 at 13:54:53) ]------
>  | 
>  |  > From: Vince Vielhaber [mailto:[EMAIL PROTECTED]] 
>  |  > Sent: Tuesday, August 20, 2002 1:48 PM
>  |  > To: [EMAIL PROTECTED]
>  |  > Subject: [HACKERS] @(#)Mordred Labs advisory 0x0004: Multiple 
>  |  > buffer overflows in PostgreSQL. (fwd)
>  |  > 
>  |  > 
>  |  > 
>  |  > And another one.  Sure would be nice if shit-for-brains would 
>  |  > mention it to us first.
>  |  
>  |  It looks to me like he may be the most valuable tester on the staff.
>  |  As long as we find out what the problem is, why complain?
>  |  
>  `-------------------------------------------------
> 
>     The reason to complain is that he is not notifying the development
>     team beforehand. Giving them absolutely no chance to work on a
>     fix prior to the whole world freaking out over these bugs. 
> 
>     If I was your neighbor, and I noticed your front door was open I
>     would contact you and let you know... not take out a full page
>     ad in the local newspaper! Same idea applies here. :) 
> 
>     Also, if I'm not mistaken this guy isn't on "staff". 

Well, of course, a well-mannered team member would report the bugs
through one of the normal channels.
On the other hand, a malicious tester who finds these problems performs
two valuable services:
1.  Through great effort, he has found a problem that needs to be
addressed or serious consequences will result.
2.  He has raised a large public rancor, the result of which is that
the serious problem must be addressed.

The motivation is suspect.  The character is suspect.  But the result is
of great value.  In a similar manner, it is a common practice to hire
hackers to try to break into your site.  While their methods will be
unconventional, and they can be very seedy and immoral characters, they
will reveal information of great value to show you exactly where the
hole needs to be plugged.
