Open Source and information security mailing list archives
 
From: gui at goddessmoon.org (Poof)
Subject: SSH Exploit Request

> Carefully read the subtext in his note.  He would like an exploit if
> possible (or at least that's his claim) so that he can prove to someone
> else that yes, it DOES need to be patched, right now.  I.e. he's got a
> boss with pointy hair that isn't cooperating.
> 
> You don't have to believe his story.  Having dealt with many bosses (my
> own, or someone else's) exactly like that, I'm willing to entertain his
> story.
> 
> Calling the admin who wants to apply the patch, but isn't allowed to
> without jumping through hoops, lazy or stupid doesn't help anyone.

Uhm, if his boss is that way to an admin that's asked to secure a box/set of
computers I personally wouldn't work there. There is too much on my head
then.

Your boss should respect what you say and what you know and allow you to do
your job instead of wanting to do it himself.

Anyhow, I personally don't want a DCOM for nix... Since I know of a LOT of
boxes that haven't been patched yet. There is really no need for a 'box and
shipped' version of the vuln. There is a whitepaper out... Go read it and
figure it out yourself.

Moo~

