Liquidmatrix Security Digest

Annoying Vendor Emails

There are few things that annoy me more than when a vendor bends the truth to try and sell product. Here is part of an email that I received yesterday.

Dear Dave,

As you are most likely aware, last week David Litchfield from NGS has blessed the world with another cyber attack announcement on Oracle databases that allows an attacker to take complete control of an Oracle database system. No fix is available by Oracle.

Litchfield has been infamous for doing something similar with the slammer worm that affected millions of companies a few years back. This irresponsible move has even more companies worried today about a potentially greater new security risk.

$VENDOR sent out an announcement last night. If you did not receive it please let us know and we will get you the information.

$VENDOR is the only company globally capable of fixing this issue. The details are in the announcement:

Ah, the joy of getting half the story.

What David did at Black Hat in the summer of 2002 (and I was in the room for it) was show a proof of concept for what eventually became Slammer more than 6 months later. The inference in the email was that he had released the worm. Not sure if that was intended, but that was my takeaway.

This is not the way to win customers. Tell me why your product stands on its own two feet. If you want to sell your product, don’t play the Coke vs Pepsi nonsense. And for all that’s good and holy…don’t tell me that only $VENDOR can fix it.

Don’t piss on my leg and tell me it’s raining.

Rant off.

(Image used under CC from John Markos O’Neill’s Flickr feed)
