lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: listuser at seifried.org (Kurt Seifried)
Subject: ** OFFTOPIC            ** OpenSSH again - not really.

I might point out something: If someone could actually show me exploit code
for this flaw I'd love to see it. Heck, if you could point out some decent
evidence one person was compromised via this flaw (a packet trace, forensics
on a compromised system, anything) I'd love to see that too. I'm not saying
it won't happen, I do however stand by my "won't worry much" statement. So
far I have seen no hard (or even soft, or squishy) evidence of this flaw
being exploited.

As for the rest of the rant, I didn't bother to read it. I find the complete
lack of professionalism by Security Snot so utterly tiring and useless.

Apologies to the people CC'ed on this reply, I'm not sure why Security Snot
CC'ed you, and to be honest I'm not sure why I am CC'ing you either.

Apologies to list readers, this is off topic, mea culpa.

P.S. If anyone has any evidence at all this thing is being exploited, please
let the list know. Now that would actually be worth reading.

Kurt Seifried, kurt@...fried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ