lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: dotslash at snosoft.com (KF)
Subject: SCO Web Site Vulnerable to Slapper?

How about their customers...

I (indirectly) for example am forced to make use of their OS because 
several years ago a number of our clients decided to use SCO OpenServer 
(since it was more stable than M$ products). They (clunky old SCO boxen) 
are now quite embeded into the day to day operations...

...let me guess they are jackasses for using SCO to begin with. =]

I do certainly agree that they need a good kick in the pants (who ever 
runs them now) to get them on the ball... previous management needed a 
few teeth yanked out before they understood that I could give a rats ass 
about a support contract... the security issues that I reported to them 
were out of good faith .. take em or leave em. And how dare you tell me 
that I need to pay for support in order to report a security issue... =]
-KF


Justin Shin wrote:
> No I think SCO deserves whatever is coming to them if they really are vulnerable, because they are a bunch of jackasses. I don't think anyone can disagree with me here.
> 
> -- Justin
> 
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of KF
> Sent: Tuesday, August 19, 2003 5:42 AM
> To: Gherkin McDonalds
> Cc: full-disclosure@...ts.netsys.com; security@...dera.com;
> security@....com
> Subject: Re: [Full-Disclosure] SCO Web Site Vulnerable to Slapper?
> 
> 
> did you talk to security@...dera.com? probably a better place to start 
> than a full-disclosure mailing list.
> -KF
> 
> Gherkin McDonalds wrote:
> 
>>They seem to be running Apache/1.3.14 (Unix)
>>mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.3.2-RC on Linux,
>>which,
>>if I have my facts straight, is vulnerable to
>><URL:http://www.cert.org/advisories/CA-2002-27.html>.
>>
>>Am I correct?
>>
>>__________________________________
>>Do you Yahoo!?
>>Yahoo! SiteBuilder - Free, easy-to-use web site design software
>>http://sitebuilder.yahoo.com
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


Powered by blists - more mailing lists