lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: 3APA3A at SECURITY.NNOV.RU (3APA3A)
Subject: Correction to latest Colsaire advisories

Dear advisories,

--Tuesday, September 14, 2004, 6:24:09 PM, you wrote to full-disclosure@...ts.netsys.com:

a> Did you try Google? ;)

a> http://www.uniras.gov.uk/vuls/2004/380375/mime.htm

I  saw  this link in your advisory. For this case I teach my students to
use  information  already  gathered.  Only  vulnerable product listed is
ripMIME.  ripMIME  team  always  replies  to  this kind of incidents and
provides really good solution (better than recommended one, BTW).

a> Admitedly it is a bit thin at the moment (and many names are conspicous by
a> their absense). This should improve as more vendors provide a statement.

>> Of cause, poor, busy and tired 3APA3A can not do it alone.

a> You never had to; NISCC, CERT/CC?

I did with CERT. It looks like for last 2-3 years CERT does not responds
to  individual  researchers.  BTW:  there  is  no more CERT/CC. Now it's
CERT-US.

>> How this information helps vendors to secure their products?

a> Any vendors (who have not already been involved so far) who wish to get more
a> detail are encouraged to contact the NISCC team and request a copy of the
a> test suite.

-- 
~/ZARAZA
??? ????? ?????? ??????, ??? ?????? ?????? ?? ?????. (????)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ