[VIM] betaparticle disclosure drama?
Steven M. Christey
coley at linus.mitre.org
Tue Mar 21 12:11:26 EST 2006
On Tue, 21 Mar 2006, George A. Theall wrote:
> I'm also mildly curious about the phrase "after the hacks occurred".
I've seen enough vendor forum threads where people get hacked within
minutes or hours of someone posting fully functional exploit code. This
seems to be how most vendors to find out about vulnerability posts from
retrogod, for example.
So in this case, you can't necessarily be sure it's nukedx - however I do
recall at least one case where someone released an advisory after hacking
the affected vendor's site, although I forget the specifics. And since
some percentage of people who disclose widely are "black hats," this
probably happens on occasion.
More information about the VIM