You may have noticed it's been a while since I posted anything here.… - Alierak — LiveJournal
July 18th, 2006
05:31 pm


Comments
 
From: alierak
Date: July 19th, 2006 08:32 am (UTC)
Thanks. I'm definitely leaning in the direction of your answers. It is reassuring that you are one of the few people on my flist actually qualified to give advice on security research.

As for things being fixed only on the test site, it's (imho) unethical to discover that, because you'd have had to try an exploit on the main site, which was not in the scope of the challenge. Permission was granted to bang on only the test server, afaik. But I think I can assume security bugfixes were applied to the test site and then to the main site within a day of the changes having appeared in public CVS / SVN. The bugs I'm calling "fixed" ought to be unambiguously dead at this point.

From: coderlemming
Date: July 19th, 2006 05:40 pm (UTC)
Oh, right, good point. In that case, I think you're right, you've got every reason to believe that "fixed" means fixed.