A Dangerous Question


A Dangerous Question

Sean Stephens-2
Lassoers

I realize this is a dangerous - if not a little naive and ignorant - question to ask (especially directly to a group of potential hackers): but is anyone on this list aware of a case where Lasso or Lasso code itself was definitively responsible for a compromised server?

If so, I would genuinely appreciate your feedback/story about the incident, what caused it, what you know about what happened, how you fixed it, etc.

Please contact me off-list if you have any information or stories. It would be greatly helpful to our company.

Thank you!

Sean Stephens
CEO
LassoSoft Inc.
http://www.lassosoft.com

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>

Re: A Dangerous Question

Bil Corry-3
Sean Stephens wrote on 9/21/2011 4:57 PM:
> I realize this is a dangerous - if not a little naive and ignorant -
> question to ask (especially directly to a group of potential
> hackers): but is anyone on this list aware of a case where Lasso or
> Lasso code itself was definitively responsible for a compromised
> server?

I'm not aware of any servers compromised via Lasso except the Hack-a-Mac contest:

        http://www.zdnet.com/news/web-server-cracked-in-mac-os-contest/96589

FWIW, publicly disclosed Lasso vulnerabilities (two were FileMaker Companion issues):

        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1250
        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0385
        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0386
        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-2118
        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2605

Beyond that, I've reported four or five vulnerabilities over the years, all of which were fixed in subsequent releases.


- Bil

Re: A Dangerous Question

Göran Törnquist-3
In reply to this post by Sean Stephens-2
I remember reporting a few vulnerabilities over the years, mostly
possible DoS attacks, but compromised servers: None.

/Göran

On 2011-09-22 01.57, Sean Stephens wrote:

> Lassoers
>
> I realize this is a dangerous - if not a little naive and ignorant - question to ask (especially directly to a group of potential hackers): but is anyone on this list aware of a case where Lasso or Lasso code itself was definitively responsible for a compromised server?
>
> If so, I would genuinely appreciate your feedback/story about the incident, what caused it, what you know about what happened, how you fixed it, etc.
>
> Please contact me off-list if you have any information or stories. It would be greatly helpful to our company.
>
> Thank you!
>
> Sean Stephens
> CEO
> LassoSoft Inc.
> http://www.lassosoft.com

