Berkeley CSUA MOTD:Entry 23459
2002/1/4-5 [Computer/SW/Security] UID:23459 Activity:very high
1/4     http://news.cnet.com/news/0-1005-200-8358574.html?tag=mn_hd
        \_ Did nweaver post this because he was quoted in the article? :-)
        \_ This guy picked the Christmas week to notify AOL and then claimed
           waiting for a week is too long.  Hmm.  Maybe he just wanted the
           publicity.
           \_ The article I read said that AOL didn't even bother to respond
              to him.  It's not just that they didn't fix it in the first
              week after he reported it -- they didn't even acknowledge that
              the problem *existed*.  Then when he goes public they fix
              it in 24 hours?  Sounds like he was right to go public.
                \_ At most tech companies, there was no one around to respond
                   to anything from Dec. 22 - Jan. 1.
                   \_ Sounds like the best time to exploit a hole :)
                   \_ I can't think of any legitimate reason for their
                      escalation path for security problems to be broken,
                      even for holidays.  Whether they failed to respond out
                      of arrogance or incompetence doesn't make much of a
                      difference.
                      \_ suppose you find a major security hole in AIM.  Whom
                         do you email?  Does AOL have a special email address
                         hotline for reporting critical exploits?  Do they
                         publicize it?  I'd guess that the answer to at least
                         one of those questions is "no".  So now you're left
                         with filing a bug report using the standard support
                         channels, which most likely get flooded with mail from
                         clueless newbies.  Do the real developers field all
                         these questions, or does a low-paid grunt deal with
                         them?  Does this support grunt check email every day
                         during his vacation?  give him a break.
                         \_ When I call AOL tech support, I usually
                            get prompt and complete service. signed, AOLuser
                         \_ You send it to support.  It is the responsibility
                            of their support organization to classify the
                            incoming report correctly and advise their
                            management so they can direct it to the
                            appropriate engineers to repair.  An organization
                            the size of AOL doesn't have a single support
                            grunt who goes on vacation and leaves the support
                            email unanswered; they have a large group of
                            people processing incoming support requests, and
                            there's always somebody there.  The front line
                            people have more senior people they can escalate
                            things to (usually multiple levels).  Even during
                            holidays and weekends, there should be somebody
                            on call in engineering capable of addressing the
                             problem.  Coordinating support and engineering like
                            this is hardly a problem unique to AOL.  Oh, and
                            AOL never said they hadn't seen it; they said
                            they wanted more time to work on it.
Cache (610 bytes)
news.cnet.com/news/0-1005-200-8358574.html?tag=mn_hd -> news.com.com/2100-1023-800749.html?legacy=cnet&tag=mn_hd
Did AOL cold-shoulder AIM flaw exposer?