11/12/2008
Adobe security central is found (but is was deeply hidden)
http://www.adobe.com/support/security/alertus.html but there is no mentioning of responsable disclosure and stuff like that, you don't even know if you will be mentioned if they will release the patch afterwards. You do your research that they should do and they don't even promise that they would mention your name ? I begin to understand what the auctioneers of zerodays are saying that there is no respect and no money in it for security researchers.
This won't resolve the javascript problem because they clearly see it as a functionality and not as a liaibility. So asking to be able to put it off permanently will be welcomed with great enthusiasm......
We will see what they will do when the storm just gets bigger and bigger....
and you can receive security alerts by mail here http://www.adobe.com/support/security/alertus.html
but you should know that at that time it is too late
12:50 | Permalink | Comments (0) | Email this
| 
| 
del.icio.us
|
| 
Digg | 
Facebook
Post a comment