Open Source and information security mailing list archives
 
Date: Sun Aug 28 01:51:02 2005
From: measl at mfn.org (J.A. Terranson)
Subject: RE: Example firewall script


On Sun, 28 Aug 2005, Jason Coombs wrote:

> The problem with knowing a thing or two about a thing or two is that
> you're constantly arguing with other people who know nothing about
> things that nobody else can possibly understand, and that nobody will be
> forced to learn about or consider carefully until it's too late for the
> knowledge to save them from harm.

Slow day Jason?

> This is yet another reason that full disclosure is crucial to everyone's
> readiness and to our ability to defend ourselves... Discussion and
> analysis of complex subjects, with real-world study and disclosure of
> failures and mistakes, prepares us to understand new risks and classify
> new threats according to actual significance in our situations.
>
> So, thank you both for sharing your debate and thereby calling attention
> to an area of uncertainty in practice, but if you're going to argue
> about definitions of routing tables vs. ACLs, why not do it in a way
> that mere mortals are able to understand some day in the future when
> they find your debate archived somewhere because their Cisco router's
> ACL ruleset failed to consider the fact that they had routes and
> multihomed interfaces configured dynamically by an attacker who knew
> better than the victim just how ACLs are parsed and precisely what the
> difference is between a good ACL and a bad one -- or where an attacker
> knew there was another interface physically attached to the Cisco device
> where a small wireless access point could be attached, which WAP would
> automatically assign the Cisco device another endpoint address in the
> WAP's address space.

Heartily agreed.  In spite of that agreement, thank you for providing that
wonderful tidbit.


> Fuck off doesn't add to the substance of the technical arguments, and
> even trying to understand why you are debating at all there does not
> appear to be any reason

Actually, I accept responsibility for the ambiguity: the "FUCK OFF" was
not directed at the technical pseudodebate, it was directed at the lunatic
telephone calls.  So, for the sake of clarity and in the spirit of Full
Disclosure, allow me to be clearer the second time around:

Eric: FUCK YOU.  (As opposed to "FUCK OFF").

There.  I feel better now :-)

//Alif

-- 
Yours,

J.A. Terranson
sysadmin@....org
0xBD4A95BF


I like the idea of belief in drug-prohibition as a religion in that it is
a strongly held belief based on grossly insufficient evidence and
bolstered by faith born of intuitions flowing from the very beliefs they
are intended to support.

don zweig, M.D.
