[VIM] betaparticle disclosure drama?
security curmudgeon
jericho at attrition.org
Tue Mar 21 08:03:31 EST 2006
: > http://blog.betaparticle.com/template_permalink.asp?id=102
: >
: > Here's the exploit details but I don't really understand how an
: > "advisory site" with only one exploit listed, could've heard about this
: > only minutes after the hacks occurred. Hmmm...it looks like they're the
: > ones who did the hacking but I'll reserve judgment until this simple
: > coincidence is explained to me. Where did they get the info for this
: > hack? Was it sent to them or did they write it?
:
: Looks like the blog author "missed" the fact that nukedx.com site
: belongs to the same person who submitted the original advisory. This
: seems odd, though, given that nukedx claims to have notified the vendor.
: Did he/she just fail to make the connection?
:
: I'm also mildly curious about the phrase "after the hacks occurred".
: Does this mean sites were actually hacked? Or is he/she equating the
: term hacking with research?
If you skim through the posts, it sounds like the site was hacked as well
as several others, suggesting the nukedx group was responsible due to the
timing.

Also of interest, someone says their "4.x" version was hacked, meaning we
know the vuln affects older versions OR there is a different
vulnerability present in the software.