[sldev] Viewer security vulnerability disclosure group

[Gordon Wendt]

Well put.Nivardus.

To answer your Soft no I don't keep lists of issues that I have seen that
since been removed and I in general do not look for issues however within
the past few months I know of at least a few sim crash issues that were
quietly moved to SEC from I think SVC.  In principle I am also opposed to
the entire concept of moving anything from an open to closed medium even if
you can't do it fully retroactively for the reasons I went into before.

On Wed, Dec 24, 2008 at 5:55 PM, nivardus <nivardus at gmail.com> wrote:

> Vulnerability and exploit details are usually posted on blogs, found
> floating around on notecards, and otherwise get spread around long before
> they're reported --including the viewer->sim packet spoof vulnerability.
>
> Users should been warned the instant issues are confirmed. Make the
> security mailing list open admission or don't make one at all. Restricting
> awareness, especially of critical issues is counterproductive and
> superfluous.
>
> Gonta Maltz
>
> _______________________________________________
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/SLDev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/sldev/attachments/20081224/4b64fd55/attachment.htm