ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1

Chris Brenton cbrenton at chrisbrenton.org
Fri Feb 6 18:19:08 UTC 2004


On Fri, 2004-02-06 at 09:43, McBurnett, Jim wrote:
>
> If I was a real hacker, and I found the problem, might I also know the fix?
> And if I was really nice, would I give that fix to the vendor?
> Or could it be that a former Checkpoint employee is now an ISS employee?
> Or .....?

In my experience, CP does not exactly have the best track record for
fixing problems. When I've informed them of vulnerabilities in the past
I've heard everything from "Well you would not have that problem if you
used the product the way it was intended" (remote overflow), to "we'll
fix that problem in the service release coming out 3 months from now"
(DoS script kiddies were using against multiple sites, tool in the
wild).

Some vendors are slow no matter what you do. :(

C






More information about the NANOG mailing list