Slashdot Mirror

← Back to Domains

Domain: stake.com

Stories and comments across the archive that link to stake.com.

Comments · 43

  1. Re:Uh by acz · · Score: 1 · on Forensic Discovery

    After reading the review of Dan Farmer and Wietse's Forensic Discovery, you should hear about The Grugq who got fired from @stake after writing a Phrack Article in which he exposed numerous flaws in The Coroner's Toolkit by Dan & Wietse. Before you read this book, check out the video (bittorrent) of The Grugq on The Art of Defiling and see how to defeat "industry grade" forensic tools and techniques . You can also meet him at a hacker convention near you (in March at BCS2005 in Jakarta, in April at Black Hat in S'pore and Amsterdam and at HITB2005 Bahrain.

  2. The Art of Anti-forensics by The Grugq by acz · · Score: 1 · on Forensic Discovery

    After reading the review of Dan Farmer and Wietse's Forensic Discovery, you should hear about The Grugq who got fired from @stake after writing a Phrack Article in which he exposed numerous flaws in The Coroner's Toolkit by Dan & Wietse. Before you read this book, check out the video (bittorrent) of The Grugq on The Art of Defiling and see how to defeat "industry grade" forensic tools and techniques . You can also meet him at a hacker convention near you (in March at BCS2005 in Jakarta, in April at Black Hat in S'pore and Amsterdam and at HITB2005 Bahrain.

  3. Talk about anti-forensics and get fired! by acz · · Score: 1 · on Forensic Discovery

    I wish people would talk about the work of The Grugq who got fired from @stake after publishing an article in Phrack Magazine. He will be talking in Jakarta, Indonesia at BCS2005 in March, Blackhat Singapore and Amsterdam in in April. (and he will probably never speak in USA because he embarasses and ridicules the profession and ... the FBI.

  4. GET YOUR FREE l0PHTCRACK HERE by Anonymous Coward · · Score: 0 · on Author of Paper Critical of Microsoft is Fired

    Get the software here and the key generator here

  5. Re:@stake making power plays w/ microsoft == OIS by xxEtineSxx · · Score: 1 · on Author of Paper Critical of Microsoft is Fired

    Lets forget about his standpoint on the issue v. his employer's (), lets talk about the timing of this article and the issues at hand. It came shortly after the Blaster Worm Epidemic. This was a very big, public problem. Everyone knew what this meant, and got a foreshadowing of things to come if the majority of the mass rely one a single company's product. Since so many of the world's computers relied on Microsoft products, the blaster worm was an epidemic rather than a small annoyance. It could've been any company. I believe that his opinions were felt by many after that controversy. It was a very public subject that he was, basicaly, giving his opinion on. Neither company, one or both, should have reacted in this way. His 'critical paper' was merely just a scathing rather than the hanging of microsoft by the media all over the world. Microsoft made a mistake, and rather than being ashamed, they should acknowledge their problems and ask for outside help ;). But cmon, micrsoft being open sourced, maybe in a dreamworld. However, the least that they need to do is take what they've learned from this situation and let their customers know of possible vulnerabilites.

  6. use @stake by Mashiki · · Score: 1 · on Recommendations for Third Party Security Audits?

    @Stake

    Remeber that these guys used to be l0pht, and having met several of them they still have my highest and best regards in the security field, in my opinion they still are the best around.

  7. Re:Remember the L0pht? by EllF · · Score: 1 · on Internet Draft on Vulnerability Disclosures

    Things have certainly changed, haven't they? The R&D guys at @stake (the remnants of the l0pht) are certainly brilliant coders and security analysts, but it's painful to see them going down a route that indemifies companies from the results of the very failings that they once attacked.

    It's amusing to look a current pictures of Mudge, as well - it really points out the changes that have occured with the former l0pht: Current "Mudge" versus the Mudge that was.

  8. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  9. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  10. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  11. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  12. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  13. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  14. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  15. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  16. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  17. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  18. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  19. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  20. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  21. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  22. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  23. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  24. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  25. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  26. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  27. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  28. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  29. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  30. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  31. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  32. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  33. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  34. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  35. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  36. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  37. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  38. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  39. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  40. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  41. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  42. Re:my post to bugtraq should help by ahde · · Score: 1 · on L0pht Joins MS As BUGTRAQ Outcasts

    Date: Wed, 13 Dec 2000 16:24:53 -0500
    From: Weld Pond
    To: BUGTRAQ@SECURITYFOCUS.COM
    Subject: @stake Advisory Notification Format

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I think everyone out there knows that we are committed to full disclosure and the concept of freely available security advisories. Many vendors do not issue bulletins after we report problems to them, even after they subsequently fix the problems. Without advisories from independant researchers there is no check on product vendors. This is a service that we give to the security community because we think it is the right thing to do with the fruits of our research. With our new mailing list notification format we have not changed this one bit. we are giving out more information now in our advisories than we ever have before, so we are certainly not witholding anything. Quite the opposite. Over the past few months we have expanded our overview sections that allow non-technical people to scope the problem. we have expanded our detailed technical discussions of issues, many times including detailed source code examples. And, I think most importantly, we have greatly expanded our solutions discussion so that people are not always reliant on vendor patches. we need many was to mitigate vulnerabilities because there are many environments.

    The advisory notifiction format we are using has about the same amount of information as the paraphrased advisories that Elias posted for the latest Microsoft advisories and the same amount of information that some other researchers post in their advisories. This is more than enough information to decide if the issue at hand effects you and you need to dive deeper into our analysis.

    What we are doing is adding more information than we have in the past and we are adding it on our web site. There are plans to add much more. we think that our web site and its accompanying web technology is the best place to expand our free information dissemination into the future. we have many ideas in store that I know people will appreciate. Of course, notifications of important information releases will be made to mailing lists that accept them so everyone who wishes to can read and use the information. we may even set up our own notification list if there is a demand for that.

    We have stayed away from cluttering up our advisories with marketing gorp, like ads about our services or ads about our company like many commercial research teams do. we pride ourselves in publishing our research on an academic level and always have. This will not change.

    weld

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0

    ib3tUth1nKtH15ofF3r5U50M3/3-leet/++m345Ur30fPr0t3c T1oN...,D0ntUNoW??

    -----END PGP SIGNATURE-----

  43. Re:In a word, credibility... by stx23 · · Score: 1 · on l0pht Joins with Others to Form @Stake

    Pity about the @Stake web site - they seem to have had the "web is art" or "my browser is the only browser" designers in (or perhaps the black on black I got is an 'underground' thing).

    So, who owns http://www.@stake.com? Or is likely to be 0wn3d later?