FunnySad side of security
Reading through Zero Day Initiative’s (ZDI) advisory: Verity Ultraseek Request Proxying Vulnerability, I noticed that they mentioned that the vendor:
Verity has issued an update to correct this vulnerability. More details can be found at: http://www.ultraseek.com/support/docs/RELNOTES.txt
but going to the release notes you can quickly see that there is no mentioning of this vulnerability, nor the words Security/Vulnerability is ever mentioned in the advisory.
This could mean either of the two, ZDI’s advisory is incorrect, or Ultraseek decided to hide the fact that the vulnerability ever existed, I am assuming the latter.
This is of course saddening, no user of Ultraseek reading the release notes will ever know that the problem existed, unless they look up ZDI’s advisory.
Food for thought…