Go Back   vb.org Archive > Community Central > vBulletin.org Site Feedback
Reload this Page Sending of Hacks to the Graveyard
FAQ Community Calendar Today's Posts Search

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #12  
Old 07-27-2007, 12:03 AM
quiklink quiklink is offline
 
Join Date: Jun 2007
Posts: 81
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by hambil View Post
ARGGGGH! I've given several, and more than once. You may not agree with them but to call them unprofessional is, well, unprofessional. I will repeat myself, yet again.

1) Notification of a security flaw before a fix is available can actually help inform those who wish to do harm. This is why vBulletin.org has already changed the wording of the notification sent be generic, instead of specifically stating the security flaw (as they did when I first got involved in this conversation). Why would they make such a change unless there was a danger inherent in the proliferation of knowledge about security flaws? They wouldn't, period. So, you may disagree with me on the details of this, but to call the idea that spreading information of security vulnerabilities carelessly is not dangerous unprofessional, is well... unprofessional.
Not if the details of the flaw are not disclosed. And by not doing so you leave the user at risk rather than giving them an opportunity to remove the risk. And we are not discussing the change to the wording of the text. Neither of us has given issue to that. We have voice disagreement with your assertion that the best thing to do is to not inform the user until after a fix is available. And no there is nothing professional in that. It's nothing but self-serving.

Quote:
This is a seriously debatable topic, being dealt with by the top people in our field, and hardly a black and white issue. You do great injustice and potential harm to the very users you seem to think you are protecting by note giving the discussion the weight it is due.
It is you who are dismissing this discussion and the risk of leaving the user vulnerable.

Quote:
I could list several more reasons, and have already, but that one alone should be enough to show the subject is debatable - at least to anyone who is still being rational.
No, it just shows a callous indifference to the security of those using the mods.

Quote:
@quiklink: slander, liable, either way it is wrong, and people on this board have been reprimanded for it before. I have not notified any staff or asked for their involvement, yet, because I am hoping you are mature enough to see the light on your own.
And yet I have committed neither slander or libel. Feel free to report any of my posts. I doubt I'll have any problems.
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 05:35 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.09074 seconds
  • Memory Usage 3,666KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (40)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (40)post_thanks_box
  • (40)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (40)post_thanks_postbit_info
  • (40)postbit
  • (40)postbit_onlinestatus
  • (40)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete