Firm To Release Database, Web Server 0-Days
krebsonsecurity writes "January promises to be a busy month for Web server and database administrators alike: A security research firm in Russia says it plans to release information about a slew of previously undocumented vulnerabilities in several widely-used commercial software products, including MySQL, Tivoli, IBM DB2, Sun Directory, and a host of others, writes krebsonsecurity.com. From the blog: 'After working with the vendors long enough, we've come to conclusion that, to put it simply, it is a waste of time. Now, we do not contact with vendors and do not support so-called "responsible disclosure" policy,' Legerov said."
We're lucky Slashdot properly escapes its SQL input. A headline like "Firm to 'DROP DATABASE `web_server`" might otherwise result in havoc. :P
"Oh, yes. Little Bobby Tables, we call him."
http://xkcd.com/327/
What does not kill it makes it stronger.
Tell "what does not kill me makes me stronger" to a brain-damaged man in a wheelchair. If there were no attacks, vulns would be little problem. As it is, your AV takes up a good chunk of your computer's resources and the botnets still send tons of spam.
Free Martian Whores!