Re: Download Accelerator Plus can be tricked to download malicious file

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Download Accelerator Plus can be tricked to download malicious file
From: "Dave Korn" <davek_throwaway@xxxxxxxxxxx>
Date: Fri, 6 Jan 2006 18:52:14 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20060105180806.22333.qmail@xxxxxxxxxxxxxxxxx>
Sender: news <news@xxxxxxxxxxxxx>

visitbipin@xxxxxxxxxxx wrote in
news:20060105180806.22333.qmail@xxxxxxxxxxxxxxxxx
> Just n' update:
> DAP searches for all its mirrors from mirrorsearch.speedbit.com
>
> I have no knowledge about HOW the mirrors are gathered.

  Then your report should have been titled "Maybe DAP can be tricked to
download malicious file, maybe not, I haven't got any idea because I haven't
bothered to find out".

  Or even better, you shouldn't have bothered posting it because it has zero
content.  "There might or might not be a vulnerability in application X" is
NOT information.  Uninformed speculation is NOT information.

  What you actually observed was DAP not being tricked and not downloading a 
malicious file.  What you wrote was the exact opposite.  Your report is 
fraudulent and utterly dishonest.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

References:
- Re: Download Accelerator Plus can be tricked to download malicious file
  - From: visitbipin

Prev by Date: MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities
Next by Date: [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1
Previous by thread: Re: Download Accelerator Plus can be tricked to download malicious file
Next by thread: [eVuln] Lizard Cart CMS SQL Injection Vulnerability
Index(es):
- Date
- Thread