lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <45D616F4.1030305@qwest.net>
Date: Fri, 16 Feb 2007 13:41:24 -0700
From: "Anthony R. Nemmer" <intertwingled@...st.net>
To: jf <jf@...glingpointers.net>
Cc: thefinn12345@...il.com, bugtraq@...urityfocus.com
Subject: Re: Solaris telnet vulnberability - how many on your network?

Let's taper off this thread.  It's getting downright boring.

Thanks,
Anthony Nemmer

jf wrote:
>> I believe in the early 90's there was a serious problem discovered in intel chips that allowed certain standard code to be run
>> to overflow programs arbitrarily and gain access to operating systems in
>> an administrative capacity.
>>
>> Also I remember the redhat (back in the day) repository being hacked and backdoored versions of programs being put into it.
>> I believe this also happened to an early version of debian or fedora at
>> some point also.
> 
> And how does this relate to Sun purposely putting a backdoor into their
> telnet service, as that was the suggestion, not a rogue attacker invading
> a CVS/FTP server and patching the source.
> 
> 
>> But I think you miss the point.
> 
> No, I think you're changing it to suit your purposes.
> 
>> Scarey stuff. The job is to be paranoid. Not to be dismissive of those who ARE.
> 
> I'm being dismissive of those of you who would prefer to believe that this
> is something that was put into the source on purpose by Sun as opposed to
> a developers mistake, Occam's razor and all that. There is a difference of
> paranoia and utter absurdity, and the (serious) suggestion that this was a
> bug placed on purpose by Sun crosses thats line. It was a silly bug
> accidently placed by (most likely) an engineer at Sun who will never live
> it up, not some stupid attempt at world domination via telnet.
> 
> 


-- 

I always have coffee when I watch radar!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ