lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: len at netsys.com (Len Rose)
Subject: [kbelanger@...icon.ca: [VulnWatch] vuln in login under solaris]

This isn't a known issue. There is no such bug. 

This is about fake advisories being approved by moderators. If the
only value of moderation is to weed out "other stuff" then the delays that
vuln-watch incurs rather frequently aren't worth the cost overhead in time.

Referring back to the technical merits of that advisory in particular,
something this blatant is readily checked in 5 minutes. Sun would never
have something of this nature so badly broken. This is in fact, /bin/login
and the bulk of that code is probably older than most people around today.

A fake advisory of this nature tends to devalue the overall reliabiliy 
of a list's information especially if it's moderated.

Len


On Thu, Sep 05, 2002 at 05:59:09PM -0600, Steve wrote:
> Len,
> 
> Yes, the list is moderated as in we only approve messages that are actual
> vulnerability announcements and not "other stuff" (for other stuff see;
> http://lists.netsys.com/pipermail/full-disclosure/).
> 
> It is not the jobs of the moderators to take the time and verify each vuln
> report as it will slow down the flow of the list and the moderators are only
> human and can make mistakes just like everyone else.
> 
> It has also been discussed on VulnDiscuss that this isn't really a
> vulnerability in the first place and is a known "issue"/limitation.  This in
> my opinion is the whole point of the discussion list - to weed out the crap
> in a public forum -- almost like peer review.
> 
> 
> Regards;
> 
> Steve Manzuik
> Moderator - VulnWatch
> Moderator - VulnDiscuss
> www.vulnwatch.org
>

[snipped]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ