Tuesday, January 15, 2008

Apparently I reported a vulnerability in BugTraq

Well it's 4am, and I'm not sleeping. Not good. Friggen insomnia.

So with nothing better to do, I ran my name through Google for the first time in over a year. It turns up I got credited in BugTraq for reporting a vulnerability in the Citrix ICA protocol:

http://www.securityfocus.com/bid/7276

Kind of funny, since I remember the thread of discussion, but did not know that somebody had taken the result of that and registered the vulnerability in the database.

There's also a bit of irony because when I contributed to the discussion at the time I was in the process of writing an Ethereal dissector for the ICA protocol. The vulnerability published in Bugtraq is pretty superficial. However, I kept blue-screening the ICA server when I was doing my ICA dissector work, and I never bothered to publish any of those very real security bugs.