| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Sep 8 18:33:50 2005 From: security at weretiger.ca (Grant Rietze) Subject: Security Hole Found In Dave's Sock I concur, It was fun until it got excessive. > -----Original Message----- > From: John Smith [mailto:vun.list@...il.com] > Sent: September 8, 2005 1:28 PM > To: full-disclosure@...ts.grok.org.uk > Subject: Re: [Full-disclosure] Security Hole Found In Dave's Sock > > Can we all shut up now? I know most of you are bored, please try to find > something else to occupy yourselves with. I did not sign up to this list > for childish banter (even though that is what I get most of the time, > this is far exceeding the normal limit). > > > > Raj Mathur wrote: > >>>>>>"Ted" == Ted Frederick <tfrederick@...entek.com> writes: > > > > > > Ted> Dear list, I know that this list is not meant for personal > > Ted> promotion but I think I would be remiss if I did not mention > > Ted> that my company has recently released an upgrade to our > > Ted> initial offering of Shoe 1.0. The upgrade to Shoe 2.0 > > Ted> includes a firewall/anti-virus product previously known as > > Ted> Sock 3.4563.v54. > > > > Ted> The upgrade cost is $19.99. There is also a required software > > Ted> assurance subscription of $325.79 monthly. > > > > Ted> If all goes well with the new product I suspect that we will > > Ted> be purchased by a major software vendor before year end thus > > Ted> making updates available on the first Tuesday of every month > > Ted> to protect against further holes. These updates will have > > Ted> vague names with no indication of what they actually fix > > Ted> which should relieve you of sparing any thought to what risks > > Ted> you may have been exposed to prior to the patch. > > > > Ted> Yes, we have in fact thought of everything so you don't have > > Ted> to. > > > > I'm afraid you have fallen into the common trap of suggesting a > > hardwear solution for what is essentially a softwear problem. I'd > > have been much happier to see the softwear vendors acknowledge this > > vulnerability (it's endemic, not specific to one vendor) and offer > > upgrades to their softwear on a regular basis. > > > > I'm making a compilation of socks v5.0 softwear available in the > > market and subjecting them to stress testing; the testing includes > > running 2KM after subjecting the softwear to dipping in Sewer 0.2, > > having /bin/cat /bin/sleep on them for 2 days, and a cron job to > > periodically transfer them to and from a Windows system. The results > > of this testing will be available for a nominal fee(*). > > > > I also suspect that by the end of the testing the softwear will have > > metamorphosed into those elusive WMDs that have been, uh, eluding us > > for so long. > > > > (*) Standard nominal fee is half your kingdom and your daughter's hand > > in marriage). > > > > Regards, > > > > -- Raju > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists