[VIM] Question on BookReview vulns (fwd)
jericho at attrition.org
Wed Jun 1 07:39:10 EDT 2005
: FYI... lostmon says he's a data mangler for OSVDB... any inside scoop
: from the OSVDB people?
Off the record..
It is clear as you can see, that he tests live sites to find
vulnerabilites often times. This is something that many of the core OSVDB
folks do *not* approve of at all. The fact that he does this and
prominantly announces his involvement in OSVDB is very worisome to a few
of us. It is getting to the point where I think one of us needs to have a
serious talk with him.
Usually I catch his stuff and figure out the real vendor, determine that I
can't figure it out, or just don't add it without questioning him further.
And let me tell you, questioning him can be painful as his English is not
For BookReview, the bottom of the page shows what you found:
: Google search suggests that there is a product called "BookReview" by
: somebody named W.M.R. Simpson, apparently a Christian software
: developer. His URL is at http://www.justwilliams.com/.
: However, I can't find any information on "BookReview" on that site,
We have the vendor URL wrong on our entries, which I will fix. But my
initial digging suggested it was a product you could download and I didn't
follow through when making the entries.
: Can "BookReview" be downloaded and used by other people? If so, do you
: know where that information is?
: I am asking because it seems like "BookReview" is custom software for
: live web site, but it is not generally available to the public, and CVE
: only covers vulnerabilities in publicly available software.
Let me know how he replies and I can translate if you need =) I've gotten
fairly proficient at speaking Lostmonese.
More information about the VIM