Thursday 30 May 2013

Secunia apologises after accidentally disclosing zero-day vulnerability on public mailing list



Secunia, an international IT Security firm specialized in vulnerability management , has apologized after an unpatched zero-day vulnerability was accidentally sent to a public mailing list.

The story published yesterday by Security Week revealed the mistake Secunia made while forwarding the a zero-day details within an image viewing app. The email was supposed to be addressed to the vuln address at Secunia.  However the auto-fill mistake address sent the details to the vim[at]attrition.org.

"While coordinating with the researcher, one email was accidentally sent from Secunia to a public emailing list, thereby making information about one of the vulnerabilities publically available." Secunia commented on the disclosed vulnerability.

"Upon realizing the mistake, Secunia immediately informed the vendor in question, who is currently working to create a patch for the vulnerability. Secunia is going through all procedures to ensure that this cannot happen in future.

No comments:

Post a Comment