lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: Ken at infosec101.org (Ken Pfeil)
Subject: openssl exploit code

Original link:

http://www2.computer-zeitung.de/cz/aktuell/artikel/artikel.1027685895.23234.
html (Can't find it now)

Google's cache (wrapped):

http://216.239.39.100/search?q=cache:LTgFtuQJ2SgC:www2.computer-zeitung.de/c
z/aktuell/artikel/artikel.1027685895.23234.html+Bugtraq+wird+den+Industrieno
rmen+f%C3%BCr+Security-Ver%C3%B6ffentlichungen&hl=en&ie=UTF-8




>>-----Original Message-----
>>From: full-disclosure-admin@...ts.netsys.com
>>[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Florian
>>Weimer
>>Sent: Tuesday, September 17, 2002 11:22 AM
>>To: hellNbak
>>Cc: full-disclosure@...ts.netsys.com
>>Subject: Re: [Full-Disclosure] openssl exploit code
>>
>>
>>hellNbak <hellnbak@...c.org> writes:
>>
>>> Source?  URL?  Article?  I personally would be very surprised if this
>>> happened.  But stranger things have happened.
>>
>>I've got the following quote from Computerzeitung, but no direct URL:
>>
>>| Bugtraq wird den Industrienormen f?r Security-Ver?ffentlichungen
>>| folgen, wie es das heute bereits tut. Es gibt immer Verz?gerungen,
>>| sogar bei Bugtraq: Die Sicherheitsl?cke muss verifiziert und der
>>| Hersteller alarmiert werden. Typischerweise r?umt man ihm immer eine
>>| Gef?lligkeitszeit ein, um einen Patch zu entwickeln. Diesen Standard
>>| werden wir beibehalten.
>>
>>John Schwarz, Chief Operating Office, Symantec.
>>
>>Approximate translation:
>>
>>Bugtraq will follow the industry norms for security disclosures, like
>>it does now.  There are always delays, even with Bugtraq: A security
>>vulnerability has to be verified, and the vendor has to be alarmed.
>>Typically, the vendor gets a grace period to develop a patch.  We will
>>keep this standard.
>>
>>(Sorry, English isn't my native tongue.)
>>
>>--
>>Florian Weimer 	                  Weimer@...T.Uni-Stuttgart.DE
>>University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
>>RUS-CERT                          fax +49-711-685-5898
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ