lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: chrislist at sinetimore.com (Chris McCulloh) Subject: What's wrong with this picture? On Thu, 26 Feb 2004 21:46:20 "Richard Spiers" <Dksaarth@...x.za.net> said: > Just thought I'd highlight some things > > ""We have never had vulnerabilities exploited before the patch was > known," he said. " > > "Mr Aucsmith said he could only think of one instance when a > vulnerability was exploited before a patch was available." > > Which one is it? And at any rate both are ridiculous. I thought about this fact as well, but it's typical semantics playing into PR bull. He said could only think of one instance of an exploit before a patch was available. However, note that he very carefully sidesteps the issue by first saying no exploits have existed since "before the patch was known." Not available. Basically he's saying "OK, well this one time, we announced a forthcoming patch and an exploit was discovered to be in existence before we actually got around to releasing the patch." Ahh, the spin cycle. -chris -- Chris McCulloh Secure Systems Architect Sinetimore, LLC e: cmcculloh@...etimore.com t: 212.504.0288 f: 212.656.1469 w: http://www.sinetimore.com a: 40 Broad Street, 4th Floor, New York, NY 10004, USA key: http://www.sinetimore.com/chriskey.pub : [ 9508 07E0 9E6C DD05 4419 40FA 4D96 FD82 24CE 0273 ] -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040226/06ec8d9c/attachment.bin
Powered by blists - more mailing lists