6 Feb 2004, 1:19 p.m.
On Fri, 2004-02-06 at 09:43, McBurnett, Jim wrote:
If I was a real hacker, and I found the problem, might I also know the fix? And if I was really nice, would I give that fix to the vendor? Or could it be that a former Checkpoint employee is now an ISS employee? Or .....?
In my experience, CP does not exactly have the best track record for fixing problems. When I've informed them of vulnerabilities in the past I've heard everything from "Well you would not have that problem if you used the product the way it was intended" (remote overflow), to "we'll fix that problem in the service release coming out 3 months from now" (DoS script kiddies were using against multiple sites, tool in the wild). Some vendors are slow no matter what you do. :(

C